aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2003-02-20 17:14:24 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-02-20 17:14:24 +0000
commit75c2c9f78b4c4357de44d15d6e764eaf3e037352 (patch)
treecc3b22756f872b2acc480d66b7dbfb50f3d8ec7f
parent4373f1b748bac7694fd30626a46dec3631c31913 (diff)
downloadsrc-75c2c9f78b4c4357de44d15d6e764eaf3e037352.tar.gz
src-75c2c9f78b4c4357de44d15d6e764eaf3e037352.zip
Update to OpenSSL 0.9.6i.
Notes
Notes: svn path=/releng/5.0/; revision=111181
-rw-r--r--UPDATING4
-rw-r--r--crypto/openssl/CHANGES93
-rwxr-xr-xcrypto/openssl/Configure36
-rw-r--r--crypto/openssl/FAQ74
-rw-r--r--crypto/openssl/INSTALL18
-rw-r--r--crypto/openssl/Makefile.org39
-rw-r--r--crypto/openssl/Makefile.ssl41
-rw-r--r--crypto/openssl/NEWS18
-rw-r--r--crypto/openssl/PROBLEMS16
-rw-r--r--crypto/openssl/README4
-rw-r--r--crypto/openssl/apps/Makefile.ssl6
-rw-r--r--crypto/openssl/apps/apps.h2
-rw-r--r--crypto/openssl/apps/asn1pars.c2
-rw-r--r--crypto/openssl/apps/ca.c29
-rw-r--r--crypto/openssl/apps/ciphers.c2
-rw-r--r--crypto/openssl/apps/crl.c2
-rw-r--r--crypto/openssl/apps/crl2p7.c4
-rw-r--r--crypto/openssl/apps/dgst.c4
-rw-r--r--crypto/openssl/apps/dh.c2
-rw-r--r--crypto/openssl/apps/dhparam.c2
-rw-r--r--crypto/openssl/apps/dsa.c2
-rw-r--r--crypto/openssl/apps/dsaparam.c2
-rw-r--r--crypto/openssl/apps/enc.c6
-rw-r--r--crypto/openssl/apps/errstr.c2
-rw-r--r--crypto/openssl/apps/gendh.c2
-rw-r--r--crypto/openssl/apps/gendsa.c2
-rw-r--r--crypto/openssl/apps/genrsa.c2
-rw-r--r--crypto/openssl/apps/nseq.c4
-rw-r--r--crypto/openssl/apps/openssl.c4
-rw-r--r--crypto/openssl/apps/openssl.cnf1
-rw-r--r--crypto/openssl/apps/passwd.c4
-rw-r--r--crypto/openssl/apps/pkcs12.c12
-rw-r--r--crypto/openssl/apps/pkcs7.c4
-rw-r--r--crypto/openssl/apps/pkcs8.c3
-rw-r--r--crypto/openssl/apps/rand.c2
-rw-r--r--crypto/openssl/apps/req.c4
-rw-r--r--crypto/openssl/apps/rsa.c2
-rw-r--r--crypto/openssl/apps/s_client.c6
-rw-r--r--crypto/openssl/apps/s_server.c20
-rw-r--r--crypto/openssl/apps/s_time.c9
-rw-r--r--crypto/openssl/apps/sess_id.c2
-rw-r--r--crypto/openssl/apps/speed.c6
-rw-r--r--crypto/openssl/apps/spkac.c2
-rw-r--r--crypto/openssl/apps/verify.c2
-rw-r--r--crypto/openssl/apps/version.c2
-rw-r--r--crypto/openssl/apps/x509.c6
-rwxr-xr-xcrypto/openssl/config14
-rw-r--r--crypto/openssl/crypto/Makefile.ssl9
-rw-r--r--crypto/openssl/crypto/asn1/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/asn1/a_sign.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c4
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_verify.c2
-rw-r--r--crypto/openssl/crypto/asn1/n_pkey.c4
-rw-r--r--crypto/openssl/crypto/asn1/p8_pkey.c4
-rw-r--r--crypto/openssl/crypto/bf/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/bf/bftest.c4
-rw-r--r--crypto/openssl/crypto/bio/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/bio/bio.h2
-rw-r--r--crypto/openssl/crypto/bn/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/bn/bn.h4
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c4
-rw-r--r--crypto/openssl/crypto/bn/bn_rand.c2
-rw-r--r--crypto/openssl/crypto/bn/bn_word.c5
-rw-r--r--crypto/openssl/crypto/bn/bntest.c12
-rw-r--r--crypto/openssl/crypto/bn/exptest.c19
-rw-r--r--crypto/openssl/crypto/buffer/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/cast/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/cast/casttest.c4
-rw-r--r--crypto/openssl/crypto/comp/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/conf/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/conf/conf_def.c7
-rw-r--r--crypto/openssl/crypto/cryptlib.c31
-rw-r--r--crypto/openssl/crypto/crypto.h55
-rw-r--r--crypto/openssl/crypto/des/Makefile.ssl16
-rw-r--r--crypto/openssl/crypto/des/des.c33
-rw-r--r--crypto/openssl/crypto/des/read2pwd.c9
-rw-r--r--crypto/openssl/crypto/des/read_pwd.c2
-rw-r--r--crypto/openssl/crypto/des/str2key.c5
-rw-r--r--crypto/openssl/crypto/dh/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c7
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c13
-rw-r--r--crypto/openssl/crypto/dso/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/err/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/err/err_all.c1
-rw-r--r--crypto/openssl/crypto/evp/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/evp/bio_enc.c2
-rw-r--r--crypto/openssl/crypto/evp/bio_ok.c2
-rw-r--r--crypto/openssl/crypto/evp/c_allc.c4
-rw-r--r--crypto/openssl/crypto/evp/c_alld.c4
-rw-r--r--crypto/openssl/crypto/evp/e_idea.c2
-rw-r--r--crypto/openssl/crypto/evp/evp.h2
-rw-r--r--crypto/openssl/crypto/evp/evp_key.c4
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt.c6
-rw-r--r--crypto/openssl/crypto/evp/p5_crpt2.c2
-rw-r--r--crypto/openssl/crypto/evp/p_open.c2
-rw-r--r--crypto/openssl/crypto/hmac/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/hmac/hmactest.c4
-rw-r--r--crypto/openssl/crypto/idea/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/idea/i_cbc.c1
-rw-r--r--crypto/openssl/crypto/idea/i_cfb64.c1
-rw-r--r--crypto/openssl/crypto/idea/i_ecb.c1
-rw-r--r--crypto/openssl/crypto/idea/i_ofb64.c1
-rw-r--r--crypto/openssl/crypto/idea/i_skey.c1
-rw-r--r--crypto/openssl/crypto/idea/idea.h1
-rw-r--r--crypto/openssl/crypto/idea/idea_lcl.h1
-rw-r--r--crypto/openssl/crypto/idea/idea_spd.c1
-rw-r--r--crypto/openssl/crypto/idea/ideatest.c5
-rw-r--r--crypto/openssl/crypto/idea/version1
-rw-r--r--crypto/openssl/crypto/lhash/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/md2/Makefile.ssl8
-rw-r--r--crypto/openssl/crypto/md2/md2_dgst.c3
-rw-r--r--crypto/openssl/crypto/md2/md2_one.c2
-rw-r--r--crypto/openssl/crypto/md2/md2test.c4
-rw-r--r--crypto/openssl/crypto/md32_common.h2
-rw-r--r--crypto/openssl/crypto/md4/Makefile.ssl6
-rw-r--r--crypto/openssl/crypto/md4/md4_one.c3
-rw-r--r--crypto/openssl/crypto/md4/md4test.c4
-rw-r--r--crypto/openssl/crypto/md5/Makefile.ssl6
-rw-r--r--crypto/openssl/crypto/md5/md5_one.c3
-rw-r--r--crypto/openssl/crypto/md5/md5test.c4
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2_one.c2
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2test.c4
-rw-r--r--crypto/openssl/crypto/mem.c20
-rw-r--r--crypto/openssl/crypto/mem_dbg.c18
-rw-r--r--crypto/openssl/crypto/objects/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c2
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.h22
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.h10
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.num2
-rw-r--r--crypto/openssl/crypto/objects/objects.txt4
-rw-r--r--crypto/openssl/crypto/opensslv.h4
-rw-r--r--crypto/openssl/crypto/pem/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/pem/pem_info.c4
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c21
-rw-r--r--crypto/openssl/crypto/pem/pem_seal.c2
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crpt.c4
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_decr.c2
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_key.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/pkcs7/bio_ber.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c4
-rw-r--r--crypto/openssl/crypto/rand/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/rand/md_rand.c4
-rw-r--r--crypto/openssl/crypto/rand/rand_egd.c2
-rw-r--r--crypto/openssl/crypto/rand/rand_win.c20
-rw-r--r--crypto/openssl/crypto/rand/randfile.c7
-rw-r--r--crypto/openssl/crypto/rand/randtest.c4
-rw-r--r--crypto/openssl/crypto/rc2/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/rc2/rc2test.c4
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/rc4/rc4.c4
-rw-r--r--crypto/openssl/crypto/rc4/rc4test.c4
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/rc5/rc5test.c4
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.ssl6
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_one.c3
-rw-r--r--crypto/openssl/crypto/ripemd/rmdtest.c4
-rw-r--r--crypto/openssl/crypto/rsa/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/rsa/rsa.h3
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c9
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c1
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pk1.c2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_saos.c6
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c6
-rw-r--r--crypto/openssl/crypto/sha/Makefile.ssl10
-rw-r--r--crypto/openssl/crypto/sha/sha1_one.c3
-rw-r--r--crypto/openssl/crypto/sha/sha1test.c4
-rw-r--r--crypto/openssl/crypto/sha/sha_one.c3
-rw-r--r--crypto/openssl/crypto/sha/shatest.c4
-rw-r--r--crypto/openssl/crypto/stack/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/threads/mttest.c121
-rw-r--r--crypto/openssl/crypto/tmdiff.c5
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/uid.c2
-rw-r--r--crypto/openssl/crypto/x509/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/x509/by_file.c17
-rw-r--r--crypto/openssl/crypto/x509/x509_cmp.c110
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c2
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile.ssl2
-rw-r--r--crypto/openssl/demos/selfsign.c2
-rw-r--r--crypto/openssl/doc/apps/passwd.pod2
-rw-r--r--crypto/openssl/doc/apps/req.pod8
-rw-r--r--crypto/openssl/doc/apps/smime.pod4
-rw-r--r--crypto/openssl/doc/apps/x509.pod18
-rw-r--r--crypto/openssl/doc/c-indentation.el10
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_add.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_add_word.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_bn2bin.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_copy.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_generate_prime.pod4
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_inverse.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_rand.pod2
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_key.pod2
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_parameters.pod3
-rw-r--r--crypto/openssl/doc/crypto/DH_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_SIG_new.pod3
-rw-r--r--crypto/openssl/doc/crypto/DSA_do_sign.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_dup_DH.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_key.pod3
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_parameters.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_new.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_sign.pod2
-rw-r--r--crypto/openssl/doc/crypto/EVP_SealInit.pod5
-rw-r--r--crypto/openssl/doc/crypto/RAND_bytes.pod3
-rw-r--r--crypto/openssl/doc/crypto/RSA_check_key.pod2
-rw-r--r--crypto/openssl/doc/crypto/RSA_generate_key.pod3
-rw-r--r--crypto/openssl/doc/crypto/RSA_print.pod6
-rw-r--r--crypto/openssl/doc/crypto/RSA_private_encrypt.pod3
-rw-r--r--crypto/openssl/doc/crypto/RSA_public_encrypt.pod3
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign.pod4
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod4
-rw-r--r--crypto/openssl/doc/openssl.txt2
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_add_session.pod8
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod53
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod2
-rw-r--r--crypto/openssl/doc/ssl/ssl.pod2
-rw-r--r--crypto/openssl/e_os.h30
-rw-r--r--crypto/openssl/openssl.spec2
-rw-r--r--crypto/openssl/ssl/Makefile.ssl2
-rw-r--r--crypto/openssl/ssl/s23_clnt.c24
-rw-r--r--crypto/openssl/ssl/s23_lib.c2
-rw-r--r--crypto/openssl/ssl/s23_meth.c19
-rw-r--r--crypto/openssl/ssl/s23_srvr.c19
-rw-r--r--crypto/openssl/ssl/s2_clnt.c27
-rw-r--r--crypto/openssl/ssl/s2_enc.c2
-rw-r--r--crypto/openssl/ssl/s2_lib.c20
-rw-r--r--crypto/openssl/ssl/s2_meth.c21
-rw-r--r--crypto/openssl/ssl/s2_pkt.c1
-rw-r--r--crypto/openssl/ssl/s2_srvr.c20
-rw-r--r--crypto/openssl/ssl/s3_clnt.c52
-rw-r--r--crypto/openssl/ssl/s3_enc.c12
-rw-r--r--crypto/openssl/ssl/s3_lib.c19
-rw-r--r--crypto/openssl/ssl/s3_meth.c19
-rw-r--r--crypto/openssl/ssl/s3_pkt.c47
-rw-r--r--crypto/openssl/ssl/s3_srvr.c23
-rw-r--r--crypto/openssl/ssl/ssl.h7
-rw-r--r--crypto/openssl/ssl/ssl_lib.c21
-rw-r--r--crypto/openssl/ssl/ssl_sess.c17
-rw-r--r--crypto/openssl/ssl/ssltest.c26
-rw-r--r--crypto/openssl/ssl/t1_clnt.c17
-rw-r--r--crypto/openssl/ssl/t1_enc.c12
-rw-r--r--crypto/openssl/ssl/t1_meth.c20
-rw-r--r--crypto/openssl/ssl/t1_srvr.c17
-rw-r--r--crypto/openssl/test/Makefile.ssl91
-rw-r--r--crypto/openssl/test/methtest.c4
-rw-r--r--crypto/openssl/test/testssl16
-rw-r--r--crypto/openssl/tools/c_rehash6
-rw-r--r--crypto/openssl/tools/c_rehash.in6
-rwxr-xr-xcrypto/openssl/util/libeay.num7
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl6
-rwxr-xr-xcrypto/openssl/util/mkcerts.sh6
-rw-r--r--crypto/openssl/util/pl/BC-32.pl4
-rw-r--r--crypto/openssl/util/pl/Mingw32.pl1
-rwxr-xr-xcrypto/openssl/util/pod2mantest22
-rw-r--r--secure/lib/libcrypto/Makefile4
-rw-r--r--secure/lib/libcrypto/man/BIO_ctrl.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_base64.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_buffer.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_cipher.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_md.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_null.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_ssl.34
-rw-r--r--secure/lib/libcrypto/man/BIO_find_type.34
-rw-r--r--secure/lib/libcrypto/man/BIO_new.34
-rw-r--r--secure/lib/libcrypto/man/BIO_new_bio_pair.34
-rw-r--r--secure/lib/libcrypto/man/BIO_push.34
-rw-r--r--secure/lib/libcrypto/man/BIO_read.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_accept.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_bio.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_connect.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_fd.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_file.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_mem.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_null.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_socket.34
-rw-r--r--secure/lib/libcrypto/man/BIO_set_callback.34
-rw-r--r--secure/lib/libcrypto/man/BIO_should_retry.34
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_new.36
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_start.34
-rw-r--r--secure/lib/libcrypto/man/BN_add.36
-rw-r--r--secure/lib/libcrypto/man/BN_add_word.36
-rw-r--r--secure/lib/libcrypto/man/BN_bn2bin.36
-rw-r--r--secure/lib/libcrypto/man/BN_cmp.34
-rw-r--r--secure/lib/libcrypto/man/BN_copy.36
-rw-r--r--secure/lib/libcrypto/man/BN_generate_prime.38
-rw-r--r--secure/lib/libcrypto/man/BN_mod_inverse.36
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_montgomery.36
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_reciprocal.36
-rw-r--r--secure/lib/libcrypto/man/BN_new.36
-rw-r--r--secure/lib/libcrypto/man/BN_num_bytes.34
-rw-r--r--secure/lib/libcrypto/man/BN_rand.36
-rw-r--r--secure/lib/libcrypto/man/BN_set_bit.34
-rw-r--r--secure/lib/libcrypto/man/BN_zero.34
-rw-r--r--secure/lib/libcrypto/man/CA.pl.14
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_set_ex_data.34
-rw-r--r--secure/lib/libcrypto/man/DH_generate_key.36
-rw-r--r--secure/lib/libcrypto/man/DH_generate_parameters.37
-rw-r--r--secure/lib/libcrypto/man/DH_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/DH_new.36
-rw-r--r--secure/lib/libcrypto/man/DH_set_method.34
-rw-r--r--secure/lib/libcrypto/man/DH_size.34
-rw-r--r--secure/lib/libcrypto/man/DSA_SIG_new.37
-rw-r--r--secure/lib/libcrypto/man/DSA_do_sign.36
-rw-r--r--secure/lib/libcrypto/man/DSA_dup_DH.36
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_key.37
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_parameters.36
-rw-r--r--secure/lib/libcrypto/man/DSA_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/DSA_new.36
-rw-r--r--secure/lib/libcrypto/man/DSA_set_method.34
-rw-r--r--secure/lib/libcrypto/man/DSA_sign.36
-rw-r--r--secure/lib/libcrypto/man/DSA_size.34
-rw-r--r--secure/lib/libcrypto/man/ERR_GET_LIB.34
-rw-r--r--secure/lib/libcrypto/man/ERR_clear_error.34
-rw-r--r--secure/lib/libcrypto/man/ERR_error_string.34
-rw-r--r--secure/lib/libcrypto/man/ERR_get_error.34
-rw-r--r--secure/lib/libcrypto/man/ERR_load_crypto_strings.34
-rw-r--r--secure/lib/libcrypto/man/ERR_load_strings.34
-rw-r--r--secure/lib/libcrypto/man/ERR_print_errors.34
-rw-r--r--secure/lib/libcrypto/man/ERR_put_error.34
-rw-r--r--secure/lib/libcrypto/man/ERR_remove_state.34
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestInit.34
-rw-r--r--secure/lib/libcrypto/man/EVP_EncryptInit.34
-rw-r--r--secure/lib/libcrypto/man/EVP_OpenInit.34
-rw-r--r--secure/lib/libcrypto/man/EVP_SealInit.39
-rw-r--r--secure/lib/libcrypto/man/EVP_SignInit.34
-rw-r--r--secure/lib/libcrypto/man/EVP_VerifyInit.34
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.34
-rw-r--r--secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.34
-rw-r--r--secure/lib/libcrypto/man/RAND_add.34
-rw-r--r--secure/lib/libcrypto/man/RAND_bytes.37
-rw-r--r--secure/lib/libcrypto/man/RAND_cleanup.34
-rw-r--r--secure/lib/libcrypto/man/RAND_egd.34
-rw-r--r--secure/lib/libcrypto/man/RAND_load_file.34
-rw-r--r--secure/lib/libcrypto/man/RAND_set_rand_method.34
-rw-r--r--secure/lib/libcrypto/man/RSA_blinding_on.34
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.36
-rw-r--r--secure/lib/libcrypto/man/RSA_generate_key.37
-rw-r--r--secure/lib/libcrypto/man/RSA_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/RSA_new.34
-rw-r--r--secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.34
-rw-r--r--secure/lib/libcrypto/man/RSA_print.310
-rw-r--r--secure/lib/libcrypto/man/RSA_private_encrypt.37
-rw-r--r--secure/lib/libcrypto/man/RSA_public_encrypt.37
-rw-r--r--secure/lib/libcrypto/man/RSA_set_method.34
-rw-r--r--secure/lib/libcrypto/man/RSA_sign.38
-rw-r--r--secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.38
-rw-r--r--secure/lib/libcrypto/man/RSA_size.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CIPHER_get_name.34
-rw-r--r--secure/lib/libcrypto/man/SSL_COMP_add_compression_method.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_add_session.312
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_ctrl.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_flush_sessions.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_free.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_new.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sess_number.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_sessions.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_cert_store.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_info_callback.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_mode.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_options.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.353
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_timeout.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.34
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set_verify.36
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_use_certificate.34
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_free.34
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/SSL_SESSION_get_time.34
-rw-r--r--secure/lib/libcrypto/man/SSL_accept.34
-rw-r--r--secure/lib/libcrypto/man/SSL_alert_type_string.34
-rw-r--r--secure/lib/libcrypto/man/SSL_clear.34
-rw-r--r--secure/lib/libcrypto/man/SSL_connect.34
-rw-r--r--secure/lib/libcrypto/man/SSL_do_handshake.34
-rw-r--r--secure/lib/libcrypto/man/SSL_free.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_SSL_CTX.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_ciphers.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_client_CA_list.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_current_cipher.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_default_timeout.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_error.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_fd.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_peer_cert_chain.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_peer_certificate.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_rbio.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_session.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_verify_result.34
-rw-r--r--secure/lib/libcrypto/man/SSL_get_version.34
-rw-r--r--secure/lib/libcrypto/man/SSL_library_init.34
-rw-r--r--secure/lib/libcrypto/man/SSL_load_client_CA_file.34
-rw-r--r--secure/lib/libcrypto/man/SSL_new.34
-rw-r--r--secure/lib/libcrypto/man/SSL_pending.34
-rw-r--r--secure/lib/libcrypto/man/SSL_read.34
-rw-r--r--secure/lib/libcrypto/man/SSL_rstate_string.34
-rw-r--r--secure/lib/libcrypto/man/SSL_session_reused.34
-rw-r--r--secure/lib/libcrypto/man/SSL_set_bio.34
-rw-r--r--secure/lib/libcrypto/man/SSL_set_connect_state.34
-rw-r--r--secure/lib/libcrypto/man/SSL_set_fd.34
-rw-r--r--secure/lib/libcrypto/man/SSL_set_session.34
-rw-r--r--secure/lib/libcrypto/man/SSL_set_shutdown.34
-rw-r--r--secure/lib/libcrypto/man/SSL_set_verify_result.34
-rw-r--r--secure/lib/libcrypto/man/SSL_shutdown.34
-rw-r--r--secure/lib/libcrypto/man/SSL_state_string.34
-rw-r--r--secure/lib/libcrypto/man/SSL_want.34
-rw-r--r--secure/lib/libcrypto/man/SSL_write.34
-rw-r--r--secure/lib/libcrypto/man/asn1parse.14
-rw-r--r--secure/lib/libcrypto/man/bio.34
-rw-r--r--secure/lib/libcrypto/man/blowfish.34
-rw-r--r--secure/lib/libcrypto/man/bn.34
-rw-r--r--secure/lib/libcrypto/man/bn_internal.34
-rw-r--r--secure/lib/libcrypto/man/buffer.34
-rw-r--r--secure/lib/libcrypto/man/ca.14
-rw-r--r--secure/lib/libcrypto/man/ciphers.14
-rw-r--r--secure/lib/libcrypto/man/config.16
-rw-r--r--secure/lib/libcrypto/man/config.54
-rw-r--r--secure/lib/libcrypto/man/crl.14
-rw-r--r--secure/lib/libcrypto/man/crl2pkcs7.14
-rw-r--r--secure/lib/libcrypto/man/crypto.34
-rw-r--r--secure/lib/libcrypto/man/d2i_DHparams.34
-rw-r--r--secure/lib/libcrypto/man/d2i_RSAPublicKey.34
-rw-r--r--secure/lib/libcrypto/man/d2i_SSL_SESSION.34
-rw-r--r--secure/lib/libcrypto/man/des.34
-rw-r--r--secure/lib/libcrypto/man/des_modes.36
-rw-r--r--secure/lib/libcrypto/man/dgst.14
-rw-r--r--secure/lib/libcrypto/man/dh.34
-rw-r--r--secure/lib/libcrypto/man/dhparam.14
-rw-r--r--secure/lib/libcrypto/man/dsa.14
-rw-r--r--secure/lib/libcrypto/man/dsa.34
-rw-r--r--secure/lib/libcrypto/man/dsaparam.14
-rw-r--r--secure/lib/libcrypto/man/enc.14
-rw-r--r--secure/lib/libcrypto/man/err.34
-rw-r--r--secure/lib/libcrypto/man/evp.34
-rw-r--r--secure/lib/libcrypto/man/gendsa.14
-rw-r--r--secure/lib/libcrypto/man/genrsa.14
-rw-r--r--secure/lib/libcrypto/man/hmac.34
-rw-r--r--secure/lib/libcrypto/man/lh_stats.34
-rw-r--r--secure/lib/libcrypto/man/lhash.34
-rw-r--r--secure/lib/libcrypto/man/md5.34
-rw-r--r--secure/lib/libcrypto/man/mdc2.34
-rw-r--r--secure/lib/libcrypto/man/nseq.14
-rw-r--r--secure/lib/libcrypto/man/openssl.14
-rw-r--r--secure/lib/libcrypto/man/passwd.16
-rw-r--r--secure/lib/libcrypto/man/pkcs12.14
-rw-r--r--secure/lib/libcrypto/man/pkcs7.14
-rw-r--r--secure/lib/libcrypto/man/pkcs8.14
-rw-r--r--secure/lib/libcrypto/man/rand.14
-rw-r--r--secure/lib/libcrypto/man/rand.34
-rw-r--r--secure/lib/libcrypto/man/rc4.34
-rw-r--r--secure/lib/libcrypto/man/req.112
-rw-r--r--secure/lib/libcrypto/man/ripemd.34
-rw-r--r--secure/lib/libcrypto/man/rsa.14
-rw-r--r--secure/lib/libcrypto/man/rsa.34
-rw-r--r--secure/lib/libcrypto/man/rsautl.14
-rw-r--r--secure/lib/libcrypto/man/s_client.14
-rw-r--r--secure/lib/libcrypto/man/s_server.14
-rw-r--r--secure/lib/libcrypto/man/sess_id.14
-rw-r--r--secure/lib/libcrypto/man/sha.34
-rw-r--r--secure/lib/libcrypto/man/smime.18
-rw-r--r--secure/lib/libcrypto/man/speed.14
-rw-r--r--secure/lib/libcrypto/man/spkac.14
-rw-r--r--secure/lib/libcrypto/man/ssl.36
-rw-r--r--secure/lib/libcrypto/man/threads.34
-rw-r--r--secure/lib/libcrypto/man/verify.14
-rw-r--r--secure/lib/libcrypto/man/version.14
-rw-r--r--secure/lib/libcrypto/man/x509.124
-rw-r--r--sys/conf/newvers.sh2
490 files changed, 2127 insertions, 1268 deletions
diff --git a/UPDATING b/UPDATING
index ddf1d5615a3d..67b0050d60be 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,10 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20030220: p2 FreeBSD-SA-03:02.openssl
+ Update to OpenSSL 0.9.6i in order to correct `Timing-based
+ attacks on SSL/TLS with CBC encryption' vulnerability.
+
20030204: p1 FreeBSD-SA-03:01.cvs
Correct a double-free bug and disable a dangerous feature in
cvs.
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 75ebac55bf53..cf7444a1a9c3 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,87 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
+
+ *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+ memory from it's contents. This is done with a counter that will
+ place alternating values in each byte. This can be used to solve
+ two issues: 1) the removal of calls to memset() by highly optimizing
+ compilers, and 2) cleansing with other values than 0, since those can
+ be read through on certain media, for example a swap space on disk.
+ [Geoff Thorpe]
+
+ *) Bugfix: client side session caching did not work with external caching,
+ because the session->cipher setting was not restored when reloading
+ from the external cache. This problem was masked, when
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+ (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+ [Lutz Jaenicke]
+
+ *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+ length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+ [Zeev Lieber <zeev-l@yahoo.com>]
+
+ *) Undo an undocumented change introduced in 0.9.6e which caused
+ repeated calls to OpenSSL_add_all_ciphers() and
+ OpenSSL_add_all_digests() to be ignored, even after calling
+ EVP_cleanup().
+ [Richard Levitte]
+
+ *) Change the default configuration reader to deal with last line not
+ being properly terminated.
+ [Richard Levitte]
+
+ *) Change X509_NAME_cmp() so it applies the special rules on handling
+ DN values that are of type PrintableString, as well as RDNs of type
+ emailAddress where the value has the type ia5String.
+ [stefank@valicert.com via Richard Levitte]
+
+ *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+ the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+ doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+ the bitwise-OR of the two for use by the majority of applications
+ wanting this behaviour, and update the docs. The documented
+ behaviour and actual behaviour were inconsistent and had been
+ changing anyway, so this is more a bug-fix than a behavioural
+ change.
+ [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
+ ssl2_get_cipher_by_char(),
+ ssl3_get_cipher_by_char().
+ [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+ *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+ the cached sessions are flushed, as the remove_cb() might use ex_data
+ contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+ (see [openssl.org #212]).
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+ length, instead of the encoding length to d2i_ASN1_OBJECT.
+ [Steve Henson]
+
Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
*) [In 0.9.6g-engine release:]
@@ -23,6 +104,12 @@
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
*) Fix cipher selection routines: ciphers without encryption had no flags
for the cipher strength set and where therefore not handled correctly
by the selection routines (PR #130).
@@ -54,7 +141,7 @@
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
- supplied buffer.
+ supplied buffer. (CAN-2002-0659)
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
@@ -159,8 +246,8 @@
value is 0.
[Richard Levitte]
- *) [In 0.9.6c-engine release:]
- Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+ *) [In 0.9.6d-engine release:]
+ Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
[Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
*) Add the configuration target linux-s390x.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 15cfbaa0331b..672f9d858bbe 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -122,7 +122,7 @@ my %table=(
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"dist", "cc:-O::(unknown):::::",
# Basic configs that should work on any (32 and less bit) box
@@ -395,7 +395,7 @@ my %table=(
"aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
#
# Cray T90 and similar (SDSC)
@@ -477,7 +477,7 @@ my %table=(
# Cygwin
"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -495,12 +495,18 @@ my %table=(
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+##### A/UX
+"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+
##### Sony NEWS-OS 4.x
"newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
##### VxWorks for various targets
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
+
);
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
@@ -577,6 +583,7 @@ my $libs;
my $target;
my $options;
my $symlink;
+my $make_depend=0;
my @argvcopy=@ARGV;
my $argvstring="";
@@ -619,7 +626,7 @@ PROCESS_ARGS:
{ $threads=1; }
elsif (/^no-shared$/)
{ $no_shared=1; }
- elsif (/^shared$/)
+ elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
{ $no_shared=0; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
@@ -1188,11 +1195,13 @@ if($IsWindows) {
EOF
close(OUT);
} else {
- (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
- if $symlink;
- ### (system 'make depend') == 0 or exit $? if $depflags ne "";
- # Run "make depend" manually if you want to be able to delete
- # the source code files of ciphers you left out.
+ my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+ my $make_targets = "";
+ $make_targets .= " links" if $symlink;
+ $make_targets .= " depend" if $depflags ne "" && $make_depend;
+ $make_targets .= " gentests" if $symlink;
+ (system $make_command.$make_targets) == 0 or exit $?
+ if $make_targets ne "";
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
@@ -1202,6 +1211,15 @@ EOF
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
+ }
+ if ($depflags ne "" && !$make_depend) {
+ print <<EOF;
+
+Since you've disabled at least one algorithm, you need to do the following
+before building:
+
+ make depend
+EOF
}
}
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
index f9cd7d2820a9..e2e7adf46a5a 100644
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@@ -9,6 +9,7 @@ OpenSSL - Frequently Asked Questions
* Where can I get a compiled version of OpenSSL?
* Why aren't tools like 'autoconf' and 'libtool' used?
* What is an 'engine' version?
+* How do I check the authenticity of the OpenSSL distribution?
[LEGAL] Legal questions
@@ -35,6 +36,7 @@ OpenSSL - Frequently Asked Questions
* Why does the linker complain about undefined symbols?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL test fail with "bc: stack empty"?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
@@ -61,7 +63,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6g was released on 9 August 2002.
+OpenSSL 0.9.7a was released on February 19, 2003.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -132,6 +134,19 @@ hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 (not yet released) the changes were merged into the main
development line, so that the special release is no longer necessary.
+* How do I check the authenticity of the OpenSSL distribution?
+
+We provide MD5 digests and ASC signatures of each tarball.
+Use MD5 to check that a tarball from a mirror site is identical:
+
+ md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
+
+You can check authenticity using pgp or gpg. You need the OpenSSL team
+member public key used to sign it (download it from a key server). Then
+just do:
+
+ pgp TARBALL.asc
+
[LEGAL] =======================================================================
* Do I need patent licenses to use OpenSSL?
@@ -169,18 +184,30 @@ for permission to use their software with OpenSSL.
Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
-device" that serves this purpose. On other systems, applications have
-to call the RAND_add() or RAND_seed() function with appropriate data
-before generating keys or performing public key encryption.
-(These functions initialize the pseudo-random number generator, PRNG.)
-
-Some broken applications do not do this. As of version 0.9.5, the
-OpenSSL functions that need randomness report an error if the random
-number generator has not been seeded with at least 128 bits of
-randomness. If this error occurs, please contact the author of the
-application you are using. It is likely that it never worked
-correctly. OpenSSL 0.9.5 and later make the error visible by refusing
-to perform potentially insecure encryption.
+device" (/dev/urandom or /dev/random) that serves this purpose.
+All OpenSSL versions try to use /dev/urandom by default; starting with
+version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+available.
+
+On other systems, applications have to call the RAND_add() or
+RAND_seed() function with appropriate data before generating keys or
+performing public key encryption. (These functions initialize the
+pseudo-random number generator, PRNG.) Some broken applications do
+not do this. As of version 0.9.5, the OpenSSL functions that need
+randomness report an error if the random number generator has not been
+seeded with at least 128 bits of randomness. If this error occurs and
+is not discussed in the documentation of the application you are
+using, please contact the author of that application; it is likely
+that it never worked correctly. OpenSSL 0.9.5 and later make the
+error visible by refusing to perform potentially insecure encryption.
+
+If you are using Solaris 8, you can add /dev/urandom and /dev/random
+devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+available via the Patchfinder at <URL: http://sunsolve.sun.com>
+(Solaris 9 includes these devices by default). For /dev/random support
+for earlier Solaris versions, see Sun's statement at
+<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+(the SUNWski package is available in patch 105710).
On systems without /dev/urandom and /dev/random, it is a good idea to
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
@@ -213,16 +240,6 @@ OpenSSL command line tools. Applications using the OpenSSL library
provide their own configuration options to specify the entropy source,
please check out the documentation coming the with application.
-For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
-installing the SUNski package from Sun patch 105710-01 (Sparc) which
-adds a /dev/random device and make sure it gets used, usually through
-$RANDFILE. There are probably similar patches for the other Solaris
-versions. An official statement from Sun with respect to /dev/random
-support can be found at
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
-However, be warned that /dev/random is usually a blocking device, which
-may have some effects on OpenSSL.
-
* Why do I get an "unable to write 'random state'" error message?
@@ -392,6 +409,17 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
for download instructions) can be safely used, for example.
+* Why does the OpenSSL test fail with "bc: stack empty"?
+
+On some DG/ux versions, bc seems to have a too small stack for calculations
+that the OpenSSL bntest throws at it. This gets triggered when you run the
+test suite (using "make test"). The message returned is "bc: stack empty".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index 75a843b15f4e..e78e283a9876 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -129,8 +129,8 @@
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
- via http://www.openssl.org/rt2.html and will be forwarded to a public
- mailing list). Include the output of "make report" in your message.
+ via http://www.openssl.org/support/rt2.html and will be forwarded to a
+ public mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
@@ -151,7 +151,7 @@
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
- http://www.openssl.org/rt2.html.
+ http://www.openssl.org/support/rt2.html.
4. If everything tests ok, install OpenSSL with
@@ -285,3 +285,15 @@
targets for shared library creation, like linux-shared. Those targets
can currently be used on their own just as well, but this is expected
to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index 56e11a144b72..cdf2d1b69032 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -270,9 +270,7 @@ do_gnu-shared:
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
- collect2=`gcc -print-prog-name=collect2 2>&1` && \
- [ -n "$$collect2" ] && \
- my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+ my_ld=`${CC} -print-prog-name=ld 2>&1` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
@@ -529,6 +527,10 @@ links:
fi; \
done;
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
@@ -610,6 +612,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
@@ -652,9 +657,10 @@ install: all install_docs
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
@@ -664,14 +670,17 @@ install: all install_docs
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib/cyg/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
@@ -687,13 +696,13 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man=`cd util; ./pod2mantest ignore`; \
+ @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
@@ -703,7 +712,7 @@ install_docs:
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
index 43b5ac39582b..fd6084227f34 100644
--- a/crypto/openssl/Makefile.ssl
+++ b/crypto/openssl/Makefile.ssl
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.6g
+VERSION=0.9.6i
MAJOR=0
MINOR=9.6
SHLIB_VERSION_NUMBER=0.9.6
@@ -272,9 +272,7 @@ do_gnu-shared:
done
DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
- collect2=`gcc -print-prog-name=collect2 2>&1` && \
- [ -n "$$collect2" ] && \
- my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+ my_ld=`${CC} -print-prog-name=ld 2>&1` && \
[ -n "$$my_ld" ] && \
$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
@@ -531,6 +529,10 @@ links:
fi; \
done;
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
@@ -612,6 +614,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
tardy --user_number=0 --user_name=openssl \
@@ -654,9 +659,10 @@ install: all install_docs
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
fi; \
done
@if [ -n "$(SHARED_LIBS)" ]; then \
@@ -666,14 +672,17 @@ install: all install_docs
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib/cyg/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+ mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
fi ); \
fi; \
done; \
@@ -689,13 +698,13 @@ install_docs:
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man=`cd util; ./pod2mantest ignore`; \
+ @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
@@ -705,7 +714,7 @@ install_docs:
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$(PERL) $$pod2man \
+ sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 577db09cff5e..8a4bb3597c5f 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,24 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+
+ o Important security related bugfixes.
+
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+
+ o New configuration targets for Tandem OSS and A/UX.
+ o New OIDs for Microsoft attributes.
+ o Better handling of SSL session caching.
+ o Better comparison of distinguished names.
+ o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+ o Support assembler code with Borland C.
+ o Fixes for length problems.
+ o Fixes for uninitialised variables.
+ o Fixes for memory leaks, some unusual crashes and some race conditions.
+ o Fixes for smaller building problems.
+ o Updates of manuals, FAQ and other instructive documents.
+
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
o Important building fixes on Unix.
diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS
index 7e6af8ad4d87..5cb7f87de6b4 100644
--- a/crypto/openssl/PROBLEMS
+++ b/crypto/openssl/PROBLEMS
@@ -40,3 +40,19 @@ scripts use the same name for output and input files, which means different
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
+
+
+* Bugs in gcc 3.0 triggered
+
+According to a problem report, there are bugs in gcc 3.0 that are
+triggered by some of the code in OpenSSL, more specifically in
+PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
+
+ header+=11;
+ if (*header != '4') return(0); header++;
+ if (*header != ',') return(0); header++;
+
+What happens is that gcc might optimize a little too agressively, and
+you end up with an extra incrementation when *header != '4'.
+
+We recommend that you upgrade gcc to as high a 3.x version as you can.
diff --git a/crypto/openssl/README b/crypto/openssl/README
index da9015331f68..62e311837cce 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.6g 9 August 2002
+ OpenSSL 0.9.6i Feb 19 2003
- Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
index 0b3208f0de82..3b74fc96bbcb 100644
--- a/crypto/openssl/apps/Makefile.ssl
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -117,7 +117,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -128,10 +128,10 @@ clean:
rm -f req
$(DLIBSSL):
- (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=ssl all)
$(DLIBCRYPTO):
- (cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=crypto all)
$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(PROGRAM)
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 82587b977056..1c6956a2882c 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -92,8 +92,10 @@ int WIN32_rename(char *oldname,char *newname);
#define MAIN(a,v) main(a,v)
#ifndef NON_MAIN
+LHASH *config=NULL;
BIO *bio_err=NULL;
#else
+extern LHASH *config;
extern BIO *bio_err;
#endif
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
index 5339166e0885..8cc13ee2d113 100644
--- a/crypto/openssl/apps/asn1pars.c
+++ b/crypto/openssl/apps/asn1pars.c
@@ -328,6 +328,6 @@ end:
if (at != NULL) ASN1_TYPE_free(at);
if (osk != NULL) sk_free(osk);
OBJ_cleanup();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 0618bb566086..b8487208c6d2 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -543,7 +543,7 @@ bad:
goto err;
}
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
- if(key) memset(key,0,strlen(key));
+ if(key) OPENSSL_cleanse(key,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
@@ -606,12 +606,14 @@ bad:
that to access(). However, time's too short to do that just
now.
*/
+#ifndef VXWORKS
if (access(outdir,R_OK|W_OK|X_OK) != 0)
{
BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
perror(outdir);
goto err;
}
+#endif
if (stat(outdir,&sb) != 0)
{
@@ -829,9 +831,14 @@ bad:
}
if (verbose)
{
- if ((f=BN_bn2hex(serial)) == NULL) goto err;
- BIO_printf(bio_err,"next serial number is %s\n",f);
- OPENSSL_free(f);
+ if (BN_is_zero(serial))
+ BIO_printf(bio_err,"next serial number is 00\n");
+ else
+ {
+ if ((f=BN_bn2hex(serial)) == NULL) goto err;
+ BIO_printf(bio_err,"next serial number is %s\n",f);
+ OPENSSL_free(f);
+ }
}
if ((attribs=CONF_get_section(conf,policy)) == NULL)
@@ -1275,7 +1282,7 @@ err:
X509_CRL_free(crl);
CONF_free(conf);
OBJ_cleanup();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void lookup_fail(char *name, char *tag)
@@ -1340,7 +1347,7 @@ static BIGNUM *load_serial(char *serialfile)
ret=ASN1_INTEGER_to_BN(ai,NULL);
if (ret == NULL)
{
- BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+ BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
goto err;
}
err:
@@ -1728,7 +1735,10 @@ again2:
BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
row[DB_name]=X509_NAME_oneline(subject,NULL,0);
- row[DB_serial]=BN_bn2hex(serial);
+ if (BN_is_zero(serial))
+ row[DB_serial]=BUF_strdup("00");
+ else
+ row[DB_serial]=BN_bn2hex(serial);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
BIO_printf(bio_err,"Memory allocation failure\n");
@@ -2142,7 +2152,10 @@ static int do_revoke(X509 *x509, TXT_DB *db)
row[i]=NULL;
row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
- row[DB_serial]=BN_bn2hex(bn);
+ if (BN_is_zero(bn))
+ row[DB_serial]=BUF_strdup("00");
+ else
+ row[DB_serial]=BN_bn2hex(bn);
BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c
index b6e2f966d86e..0dc30d65e401 100644
--- a/crypto/openssl/apps/ciphers.c
+++ b/crypto/openssl/apps/ciphers.c
@@ -202,6 +202,6 @@ end:
if (ctx != NULL) SSL_CTX_free(ctx);
if (ssl != NULL) SSL_free(ssl);
if (STDout != NULL) BIO_free_all(STDout);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c
index 3b5725f23f2c..648a32ee4cf9 100644
--- a/crypto/openssl/apps/crl.c
+++ b/crypto/openssl/apps/crl.c
@@ -364,7 +364,7 @@ end:
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_free(store);
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static X509_CRL *load_crl(char *infile, int format)
diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c
index 7f853b65ab2b..3ef55dd2bb4e 100644
--- a/crypto/openssl/apps/crl2p7.c
+++ b/crypto/openssl/apps/crl2p7.c
@@ -166,7 +166,7 @@ bad:
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
BIO_printf(bio_err," (can be used more than once)\n");
BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
- EXIT(1);
+ OPENSSL_EXIT(1);
}
ERR_load_crypto_strings();
@@ -278,7 +278,7 @@ end:
if (p7 != NULL) PKCS7_free(p7);
if (crl != NULL) X509_CRL_free(crl);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
/*
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 482b0238571e..e339811365c0 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -327,7 +327,7 @@ int MAIN(int argc, char **argv)
end:
if (buf != NULL)
{
- memset(buf,0,BUFSIZE);
+ OPENSSL_cleanse(buf,BUFSIZE);
OPENSSL_free(buf);
}
if (in != NULL) BIO_free(in);
@@ -335,7 +335,7 @@ end:
EVP_PKEY_free(sigkey);
if(sigbuf) OPENSSL_free(sigbuf);
if (bmd != NULL) BIO_free(bmd);
- EXIT(err);
+ OPENSSL_EXIT(err);
}
void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c
index 7465442e49f1..ee2514a07ea1 100644
--- a/crypto/openssl/apps/dh.c
+++ b/crypto/openssl/apps/dh.c
@@ -319,6 +319,6 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
#endif
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
index 5f9b60148d6f..baf0d3302aac 100644
--- a/crypto/openssl/apps/dhparam.c
+++ b/crypto/openssl/apps/dhparam.c
@@ -506,7 +506,7 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
index 7c4a46f78eae..04efe16b5836 100644
--- a/crypto/openssl/apps/dsa.c
+++ b/crypto/openssl/apps/dsa.c
@@ -293,6 +293,6 @@ end:
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
#endif
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index 0c2529e2859a..ea29b0cf65af 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -357,7 +357,7 @@ end:
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index e37536324213..397b0e9c12ea 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -506,9 +506,9 @@ bad:
* bug picked up by
* Larry J. Hughes Jr. <hughes@indiana.edu> */
if (str == strbuf)
- memset(str,0,SIZE);
+ OPENSSL_cleanse(str,SIZE);
else
- memset(str,0,strlen(str));
+ OPENSSL_cleanse(str,strlen(str));
}
if ((hiv != NULL) && !set_hex(hiv,iv,8))
{
@@ -604,7 +604,7 @@ end:
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
if(pass) OPENSSL_free(pass);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
int set_hex(char *in, unsigned char *out, int size)
diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c
index e392328f93d2..de7d5fd6501a 100644
--- a/crypto/openssl/apps/errstr.c
+++ b/crypto/openssl/apps/errstr.c
@@ -121,5 +121,5 @@ int MAIN(int argc, char **argv)
ret++;
}
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c
index e0c7889a31e1..f02f87d17b3d 100644
--- a/crypto/openssl/apps/gendh.c
+++ b/crypto/openssl/apps/gendh.c
@@ -184,7 +184,7 @@ end:
ERR_print_errors(bio_err);
if (out != NULL) BIO_free_all(out);
if (dh != NULL) DH_free(dh);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void MS_CALLBACK dh_cb(int p, int n, void *arg)
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
index 6022d8f1427a..4abd7786b1b8 100644
--- a/crypto/openssl/apps/gendsa.c
+++ b/crypto/openssl/apps/gendsa.c
@@ -220,6 +220,6 @@ end:
if (out != NULL) BIO_free_all(out);
if (dsa != NULL) DSA_free(dsa);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
#endif
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
index ac0b709e7af9..1f0f2d780942 100644
--- a/crypto/openssl/apps/genrsa.c
+++ b/crypto/openssl/apps/genrsa.c
@@ -224,7 +224,7 @@ err:
if(passout) OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c
index 1d73d1ad5231..da5277d4c441 100644
--- a/crypto/openssl/apps/nseq.c
+++ b/crypto/openssl/apps/nseq.c
@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-toseq output NS Sequence file\n");
- EXIT(1);
+ OPENSSL_EXIT(1);
}
if (infile) {
@@ -162,6 +162,6 @@ end:
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 24450ddb71f4..95e1e00a8d04 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -77,11 +77,11 @@ static unsigned long MS_CALLBACK hash(FUNCTION *a);
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
-LHASH *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
+LHASH *config=NULL;
BIO *bio_err=NULL;
#endif
@@ -215,7 +215,7 @@ end:
BIO_free(bio_err);
bio_err=NULL;
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
#define LIST_STANDARD_COMMANDS "list-standard-commands"
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
index 2ba3b2aa3935..dbe8cbefe0ea 100644
--- a/crypto/openssl/apps/openssl.cnf
+++ b/crypto/openssl/apps/openssl.cnf
@@ -2,7 +2,6 @@
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
-# $FreeBSD$
# This definition stops the following lines choking if HOME isn't
# defined.
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index ea2b089e24a7..eaa90312fc83 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -284,7 +284,7 @@ err:
BIO_free(in);
if (out)
BIO_free_all(out);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
@@ -498,6 +498,6 @@ err:
int MAIN(int argc, char **argv)
{
fputs("Program not available.\n", stderr)
- EXIT(1);
+ OPENSSL_EXIT(1);
}
#endif
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index aeba62ea08c9..4e20c0cc369f 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -480,9 +480,10 @@ int MAIN(int argc, char **argv)
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
- }
- sk_X509_free(chain2);
- if (vret) {
+ /* Free first certificate */
+ X509_free(sk_X509_value(chain2, 0));
+ sk_X509_free(chain2);
+ } else {
BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
goto export_end;
@@ -509,8 +510,6 @@ int MAIN(int argc, char **argv)
}
sk_X509_pop_free(certs, X509_free);
certs = NULL;
- /* ucert is part of certs so it is already freed */
- ucert = NULL;
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -598,7 +597,6 @@ int MAIN(int argc, char **argv)
if (certs) sk_X509_pop_free(certs, X509_free);
if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if (ucert) X509_free(ucert);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
@@ -668,7 +666,7 @@ int MAIN(int argc, char **argv)
if (canames) sk_free(canames);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c
index a9fff11e5cf9..f100c8d05377 100644
--- a/crypto/openssl/apps/pkcs7.c
+++ b/crypto/openssl/apps/pkcs7.c
@@ -154,7 +154,7 @@ bad:
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
- EXIT(1);
+ OPENSSL_EXIT(1);
}
ERR_load_crypto_strings();
@@ -289,5 +289,5 @@ end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c
index 7b588e433707..926af8675fd0 100644
--- a/crypto/openssl/apps/pkcs8.c
+++ b/crypto/openssl/apps/pkcs8.c
@@ -236,7 +236,8 @@ int MAIN(int argc, char **argv)
if(passout) p8pass = passout;
else {
p8pass = pass;
- EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+ if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
+ return (1);
}
app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
index 04764d7ffb6c..498a802650e3 100644
--- a/crypto/openssl/apps/rand.c
+++ b/crypto/openssl/apps/rand.c
@@ -144,5 +144,5 @@ err:
ERR_print_errors(bio_err);
if (out)
BIO_free_all(out);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index 11c4e5f03fa6..0fb426d9023e 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -422,7 +422,7 @@ bad:
if (template != NULL)
{
- long errline;
+ long errline = -1;
BIO_printf(bio_err,"Using configuration from %s\n",template);
req_conf=CONF_load(NULL,template,&errline);
@@ -909,7 +909,7 @@ end:
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
#endif
- EXIT(ex);
+ OPENSSL_EXIT(ex);
}
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
index b4b0651a94bd..f35b6d166e97 100644
--- a/crypto/openssl/apps/rsa.c
+++ b/crypto/openssl/apps/rsa.c
@@ -389,7 +389,7 @@ end:
if(rsa != NULL) RSA_free(rsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
#else /* !NO_RSA */
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index 9cfe2b15804b..3e2a2953d77b 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -768,14 +768,14 @@ end:
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
- if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
- if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+ if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+ if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (bio_c_out != NULL)
{
BIO_free(bio_c_out);
bio_c_out=NULL;
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 624dfb5e4198..e6ecafd4ed1e 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -253,10 +253,10 @@ static char **local_argv;
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, char *str);
+static int ebcdic_puts(BIO *bp, const char *str);
#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
static BIO_METHOD methods_ebcdic=
@@ -321,7 +321,7 @@ static int ebcdic_read(BIO *b, char *out, int outl)
return(ret);
}
-static int ebcdic_write(BIO *b, char *in, int inl)
+static int ebcdic_write(BIO *b, const char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
int ret=0;
@@ -354,7 +354,7 @@ static int ebcdic_write(BIO *b, char *in, int inl)
return(ret);
}
-static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret;
@@ -373,7 +373,7 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
- int i, ret;
+ int i, ret=0;
if (bp->next_bio == NULL) return(0);
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i=0; i<size-1; ++i)
@@ -392,7 +392,7 @@ static int ebcdic_gets(BIO *bp, char *buf, int size)
return (ret < 0 && i == 0) ? ret : i;
}
-static int ebcdic_puts(BIO *bp, char *str)
+static int ebcdic_puts(BIO *bp, const char *str)
{
if (bp->next_bio == NULL) return(0);
return ebcdic_write(bp, str, strlen(str));
@@ -741,7 +741,7 @@ end:
BIO_free(bio_s_out);
bio_s_out=NULL;
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
@@ -1043,7 +1043,7 @@ err:
BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
if (buf != NULL)
{
- memset(buf,0,bufsize);
+ OPENSSL_cleanse(buf,bufsize);
OPENSSL_free(buf);
}
if (ret >= 0)
@@ -1250,7 +1250,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef MSDOS
+#if !defined(MSDOS) && !defined(VXWORKS)
sleep(1);
#endif
continue;
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
index 2d8e2b24d228..895741d4cde7 100644
--- a/crypto/openssl/apps/s_time.c
+++ b/crypto/openssl/apps/s_time.c
@@ -116,6 +116,11 @@
#include <sys/param.h>
#endif
+#ifdef VXWORKS
+#include <tickLib.h>
+#undef SIGALRM
+#endif
+
/* The following if from times(3) man page. It may need to be changed
*/
#ifndef HZ
@@ -461,7 +466,7 @@ int MAIN(int argc, char **argv)
if (tm_cipher == NULL ) {
fprintf( stderr, "No CIPHER specified\n" );
-/* EXIT(1); */
+/* OPENSSL_EXIT(1); */
}
if (!(perform & 1)) goto next;
@@ -628,7 +633,7 @@ end:
SSL_CTX_free(tm_ctx);
tm_ctx=NULL;
}
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
/***********************************************************************
diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c
index 60cc3f1e496a..cf15006ca72a 100644
--- a/crypto/openssl/apps/sess_id.c
+++ b/crypto/openssl/apps/sess_id.c
@@ -272,7 +272,7 @@ bad:
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static SSL_SESSION *load_sess_id(char *infile, int format)
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index ad3ebadeef25..6ae0c8d6ebf7 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
/* most of this code has been pilfered from my libdes speed.c program */
@@ -691,7 +689,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"\n");
#endif
-#ifdef TIMES
+#if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err,"\n");
BIO_printf(bio_err,"Available options:\n");
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
@@ -1414,7 +1412,7 @@ end:
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
#endif
- EXIT(mret);
+ OPENSSL_EXIT(mret);
}
static void print_message(char *s, long num, int length)
diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c
index 459d730a704a..94723a79c359 100644
--- a/crypto/openssl/apps/spkac.c
+++ b/crypto/openssl/apps/spkac.c
@@ -288,5 +288,5 @@ end:
BIO_free(key);
EVP_PKEY_free(pkey);
if(passin) OPENSSL_free(passin);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c
index 47e602d4a3c6..3ff1c0f9e7d4 100644
--- a/crypto/openssl/apps/verify.c
+++ b/crypto/openssl/apps/verify.c
@@ -213,7 +213,7 @@ end:
if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
sk_X509_pop_free(untrusted, X509_free);
sk_X509_pop_free(trusted, X509_free);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c
index f5c9adc25471..b67f2d18126c 100644
--- a/crypto/openssl/apps/version.c
+++ b/crypto/openssl/apps/version.c
@@ -128,5 +128,5 @@ int MAIN(int argc, char **argv)
}
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
end:
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index b9b13285f112..d20cf15267fa 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -121,7 +121,7 @@ static char *x509_usage[]={
" -CAkey arg - set the CA key, must be PEM format\n",
" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial - serial file\n",
+" -CAserial arg - serial file\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
" -md2/-md5/-sha1/-mdc2 - digest to use\n",
@@ -447,7 +447,7 @@ bad:
if (extfile)
{
- long errorline;
+ long errorline = -1;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
{
@@ -961,7 +961,7 @@ end:
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
if (passin) OPENSSL_free(passin);
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
diff --git a/crypto/openssl/config b/crypto/openssl/config
index 40ad0fe6cf48..583fa70f6755 100755
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@@ -317,6 +317,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
*CRAY*)
echo "j90-cray-unicos"; exit 0;
;;
+
+ NONSTOP_KERNEL*)
+ echo "nsr-tandem-nsk"; exit 0;
+ ;;
esac
#
@@ -473,7 +477,8 @@ case "$GUESSOS" in
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure irix64-mips4-$CC' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
- read waste < /dev/tty
+ # Do not stop if /dev/tty is unavailable
+ (read waste < /dev/tty) || true
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
@@ -528,7 +533,8 @@ EOF
#echo "WARNING! If you wish to build 64-bit library, then you have to"
#echo " invoke './Configure linux64-sparcv9' *manually*."
#echo " Type return if you want to continue, Ctrl-C to abort."
- #read waste < /dev/tty
+ # Do not stop if /dev/tty is unavailable
+ #(read waste < /dev/tty) || true
OUT="linux-sparcv9" ;;
sparc-*-linux2)
KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
@@ -569,7 +575,8 @@ EOF
echo "WARNING! If you wish to build 64-bit library, then you have to"
echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
echo " Type return if you want to continue, Ctrl-C to abort."
- read waste < /dev/tty
+ # Do not stop if /dev/tty is unavailable
+ (read waste < /dev/tty) || true
fi
OUT="solaris-sparcv9-$CC" ;;
sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
@@ -630,6 +637,7 @@ EOF
*-*-cygwin) OUT="Cygwin" ;;
t3e-cray-unicosmk) OUT="cray-t3e" ;;
j90-cray-unicos) OUT="cray-j90" ;;
+ nsr-tandem-nsk) OUT="tandem-c89" ;;
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
diff --git a/crypto/openssl/crypto/Makefile.ssl b/crypto/openssl/crypto/Makefile.ssl
index f96154cacd14..727d94970335 100644
--- a/crypto/openssl/crypto/Makefile.ssl
+++ b/crypto/openssl/crypto/Makefile.ssl
@@ -34,8 +34,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \
GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
-LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
SRC= $(LIBSRC)
@@ -129,7 +129,7 @@ lint:
depend:
if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
- $(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
if [ ! -s buildinf.h ]; then rm buildinf.h; fi
@for i in $(SDIRS) ;\
do \
@@ -185,6 +185,9 @@ mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_clr.o: ../include/openssl/symhacks.h
mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
diff --git a/crypto/openssl/crypto/asn1/Makefile.ssl b/crypto/openssl/crypto/asn1/Makefile.ssl
index 73ef4d2ca937..329a235edc94 100644
--- a/crypto/openssl/crypto/asn1/Makefile.ssl
+++ b/crypto/openssl/crypto/asn1/Makefile.ssl
@@ -104,7 +104,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/asn1/a_sign.c b/crypto/openssl/crypto/asn1/a_sign.c
index 94829d889e0d..c5cf0e3133f6 100644
--- a/crypto/openssl/crypto/asn1/a_sign.c
+++ b/crypto/openssl/crypto/asn1/a_sign.c
@@ -199,10 +199,10 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
err:
- memset(&ctx,0,sizeof(ctx));
+ OPENSSL_cleanse(&ctx,sizeof(ctx));
if (buf_in != NULL)
- { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+ { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
if (buf_out != NULL)
- { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+ { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
return(outl);
}
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 569b81199858..9a57eba270d9 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -519,7 +519,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
{
ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret;
- if(!*out || !in) return -1;
+ if(!in) return -1;
type = in->type;
if((type < 0) || (type > 30)) return -1;
mbflag = tag2nbyte[type];
@@ -528,6 +528,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
stmp.data = NULL;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
if(ret < 0) return ret;
- if(out) *out = stmp.data;
+ *out = stmp.data;
return stmp.length;
}
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c
index dd5955ac9fdd..1aafb663f6a3 100644
--- a/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/crypto/openssl/crypto/asn1/a_utctm.c
@@ -246,6 +246,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
ts=(struct tm *)localtime(&t);
}
#endif
+ if (ts == NULL)
+ return(NULL);
p=(char *)s->data;
if ((p == NULL) || (s->length < 14))
{
diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c
index 2a11927e5c1c..faa34501b98d 100644
--- a/crypto/openssl/crypto/asn1/a_verify.c
+++ b/crypto/openssl/crypto/asn1/a_verify.c
@@ -100,7 +100,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
EVP_VerifyInit(&ctx,type);
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
- memset(buf_in,0,(unsigned int)inl);
+ OPENSSL_cleanse(buf_in,(unsigned int)inl);
OPENSSL_free(buf_in);
if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
diff --git a/crypto/openssl/crypto/asn1/n_pkey.c b/crypto/openssl/crypto/asn1/n_pkey.c
index 984019353899..5f8ba3cc3203 100644
--- a/crypto/openssl/crypto/asn1/n_pkey.c
+++ b/crypto/openssl/crypto/asn1/n_pkey.c
@@ -181,7 +181,7 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
- memset(buf,0,256);
+ OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
@@ -292,7 +292,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
- memset(buf,0,256);
+ OPENSSL_cleanse(buf,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
diff --git a/crypto/openssl/crypto/asn1/p8_pkey.c b/crypto/openssl/crypto/asn1/p8_pkey.c
index fa6cbfb6f885..3e0ebef50775 100644
--- a/crypto/openssl/crypto/asn1/p8_pkey.c
+++ b/crypto/openssl/crypto/asn1/p8_pkey.c
@@ -119,8 +119,8 @@ void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a)
X509_ALGOR_free(a->pkeyalg);
/* Clear sensitive data */
if (a->pkey->value.octet_string)
- memset (a->pkey->value.octet_string->data,
- 0, a->pkey->value.octet_string->length);
+ OPENSSL_cleanse(a->pkey->value.octet_string->data,
+ a->pkey->value.octet_string->length);
ASN1_TYPE_free (a->pkey);
sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
OPENSSL_free (a);
diff --git a/crypto/openssl/crypto/bf/Makefile.ssl b/crypto/openssl/crypto/bf/Makefile.ssl
index 2d61ec50f422..f60b2e957825 100644
--- a/crypto/openssl/crypto/bf/Makefile.ssl
+++ b/crypto/openssl/crypto/bf/Makefile.ssl
@@ -96,7 +96,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/bf/bftest.c b/crypto/openssl/crypto/bf/bftest.c
index cf67cadefd42..212edfaf622e 100644
--- a/crypto/openssl/crypto/bf/bftest.c
+++ b/crypto/openssl/crypto/bf/bftest.c
@@ -63,6 +63,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_BF
int main(int argc, char *argv[])
{
@@ -275,7 +277,7 @@ int main(int argc, char *argv[])
else
ret=test();
- exit(ret);
+ EXIT(ret);
return(0);
}
diff --git a/crypto/openssl/crypto/bio/Makefile.ssl b/crypto/openssl/crypto/bio/Makefile.ssl
index 300987309e57..76b9caf6fb7d 100644
--- a/crypto/openssl/crypto/bio/Makefile.ssl
+++ b/crypto/openssl/crypto/bio/Makefile.ssl
@@ -78,7 +78,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h
index fd3aaa05856e..d7fc0e645605 100644
--- a/crypto/openssl/crypto/bio/bio.h
+++ b/crypto/openssl/crypto/bio/bio.h
@@ -241,7 +241,7 @@ typedef struct bio_method_st
long (_far *ctrl)();
int (_far *create)();
int (_far *destroy)();
- long (_fat *callback_ctrl)();
+ long (_far *callback_ctrl)();
} BIO_METHOD;
#endif
diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl
index 9e075a2b0f11..cfc2274569a2 100644
--- a/crypto/openssl/crypto/bn/Makefile.ssl
+++ b/crypto/openssl/crypto/bn/Makefile.ssl
@@ -159,7 +159,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h
index 2ea9cd7203af..c0d6b1612d51 100644
--- a/crypto/openssl/crypto/bn/bn.h
+++ b/crypto/openssl/crypto/bn/bn.h
@@ -155,7 +155,7 @@ extern "C" {
#define BN_BYTES 4
#define BN_BITS2 32
#define BN_BITS4 16
-#ifdef _MSC_VER
+#if defined(_MSC_VER) || defined(__BORLANDC__)
/* VC++ doesn't like the LL suffix */
#define BN_MASK (0xffffffffffffffffL)
#else
@@ -413,7 +413,7 @@ int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
BN_CTX *ctx);
int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index 7767d6517022..5f121dea1e49 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
if (a == NULL) return;
if (a->d != NULL)
{
- memset(a->d,0,a->dmax*sizeof(a->d[0]));
+ OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
OPENSSL_free(a->d);
}
i=BN_get_flags(a,BN_FLG_MALLOCED);
- memset(a,0,sizeof(BIGNUM));
+ OPENSSL_cleanse(a,sizeof(BIGNUM));
if (i)
OPENSSL_free(a);
}
diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/openssl/crypto/bn/bn_rand.c
index 4944ffbf232f..eb65c28cbb41 100644
--- a/crypto/openssl/crypto/bn/bn_rand.c
+++ b/crypto/openssl/crypto/bn/bn_rand.c
@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
err:
if (buf != NULL)
{
- memset(buf,0,bytes);
+ OPENSSL_cleanse(buf,bytes);
OPENSSL_free(buf);
}
return(ret);
diff --git a/crypto/openssl/crypto/bn/bn_word.c b/crypto/openssl/crypto/bn/bn_word.c
index cd59baa2c490..988e0ca7b37f 100644
--- a/crypto/openssl/crypto/bn/bn_word.c
+++ b/crypto/openssl/crypto/bn/bn_word.c
@@ -123,7 +123,10 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
i=0;
for (;;)
{
- l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+ if (i >= a->top)
+ l=w;
+ else
+ l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
a->d[i]=l;
if (w > l)
w=1;
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c
index af0c2629e87e..6ae2b4aff08c 100644
--- a/crypto/openssl/crypto/bn/bntest.c
+++ b/crypto/openssl/crypto/bn/bntest.c
@@ -139,10 +139,10 @@ int main(int argc, char *argv[])
ctx=BN_CTX_new();
- if (ctx == NULL) exit(1);
+ if (ctx == NULL) EXIT(1);
out=BIO_new(BIO_s_file());
- if (out == NULL) exit(1);
+ if (out == NULL) EXIT(1);
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -152,7 +152,7 @@ int main(int argc, char *argv[])
if (!BIO_write_filename(out,outfile))
{
perror(outfile);
- exit(1);
+ EXIT(1);
}
}
@@ -228,14 +228,14 @@ int main(int argc, char *argv[])
BIO_free(out);
/**/
- exit(0);
+ EXIT(0);
err:
BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
* the failure, see test_bn in test/Makefile.ssl*/
BIO_flush(out);
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
- exit(1);
+ EXIT(1);
return(1);
}
@@ -746,7 +746,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
while ((l=ERR_get_error()))
fprintf(stderr,"ERROR:%s\n",
ERR_error_string(l,NULL));
- exit(1);
+ EXIT(1);
}
if (bp != NULL)
{
diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/openssl/crypto/bn/exptest.c
index 3e86f2ea0e0b..b3b807af387c 100644
--- a/crypto/openssl/crypto/bn/exptest.c
+++ b/crypto/openssl/crypto/bn/exptest.c
@@ -59,6 +59,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+
+#include "../e_os.h"
+
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
@@ -86,7 +89,7 @@ int main(int argc, char *argv[])
ERR_load_BN_strings();
ctx=BN_CTX_new();
- if (ctx == NULL) exit(1);
+ if (ctx == NULL) EXIT(1);
r_mont=BN_new();
r_recp=BN_new();
r_simple=BN_new();
@@ -99,7 +102,7 @@ int main(int argc, char *argv[])
out=BIO_new(BIO_s_file());
- if (out == NULL) exit(1);
+ if (out == NULL) EXIT(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
for (i=0; i<200; i++)
@@ -124,7 +127,7 @@ int main(int argc, char *argv[])
{
printf("BN_mod_exp_mont() problems\n");
ERR_print_errors(out);
- exit(1);
+ EXIT(1);
}
ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
@@ -132,7 +135,7 @@ int main(int argc, char *argv[])
{
printf("BN_mod_exp_recp() problems\n");
ERR_print_errors(out);
- exit(1);
+ EXIT(1);
}
ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
@@ -140,7 +143,7 @@ int main(int argc, char *argv[])
{
printf("BN_mod_exp_simple() problems\n");
ERR_print_errors(out);
- exit(1);
+ EXIT(1);
}
if (BN_cmp(r_simple, r_mont) == 0
@@ -163,7 +166,7 @@ int main(int argc, char *argv[])
printf("\nrecp ="); BN_print(out,r_recp);
printf("\nmont ="); BN_print(out,r_mont);
printf("\n");
- exit(1);
+ EXIT(1);
}
}
BN_free(r_mont);
@@ -177,11 +180,11 @@ int main(int argc, char *argv[])
CRYPTO_mem_leaks(out);
BIO_free(out);
printf(" done\n");
- exit(0);
+ EXIT(0);
err:
ERR_load_crypto_strings();
ERR_print_errors(out);
- exit(1);
+ EXIT(1);
return(1);
}
diff --git a/crypto/openssl/crypto/buffer/Makefile.ssl b/crypto/openssl/crypto/buffer/Makefile.ssl
index c088ec6b3c76..a96488919961 100644
--- a/crypto/openssl/crypto/buffer/Makefile.ssl
+++ b/crypto/openssl/crypto/buffer/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/cast/Makefile.ssl b/crypto/openssl/crypto/cast/Makefile.ssl
index 0aa1cbc55a29..b60524a37821 100644
--- a/crypto/openssl/crypto/cast/Makefile.ssl
+++ b/crypto/openssl/crypto/cast/Makefile.ssl
@@ -97,7 +97,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/cast/casttest.c b/crypto/openssl/crypto/cast/casttest.c
index ab2aeac606ea..0e1034da45bc 100644
--- a/crypto/openssl/crypto/cast/casttest.c
+++ b/crypto/openssl/crypto/cast/casttest.c
@@ -60,6 +60,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_CAST
int main(int argc, char *argv[])
{
@@ -224,7 +226,7 @@ int main(int argc, char *argv[])
}
#endif
- exit(err);
+ EXIT(err);
return(err);
}
#endif
diff --git a/crypto/openssl/crypto/comp/Makefile.ssl b/crypto/openssl/crypto/comp/Makefile.ssl
index a61c7de0fba8..0bf9280609bb 100644
--- a/crypto/openssl/crypto/comp/Makefile.ssl
+++ b/crypto/openssl/crypto/comp/Makefile.ssl
@@ -71,7 +71,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/conf/Makefile.ssl b/crypto/openssl/crypto/conf/Makefile.ssl
index 1a433abacd8c..847443fa0ae9 100644
--- a/crypto/openssl/crypto/conf/Makefile.ssl
+++ b/crypto/openssl/crypto/conf/Makefile.ssl
@@ -69,7 +69,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c
index d43c9de3f5f0..adc28eebff13 100644
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/openssl/crypto/conf/conf_def.c
@@ -224,9 +224,9 @@ static int def_load(CONF *conf, BIO *in, long *line)
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
bufnum=0;
+ again=0;
for (;;)
{
- again=0;
if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
{
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
@@ -237,7 +237,8 @@ static int def_load(CONF *conf, BIO *in, long *line)
BIO_gets(in, p, BUFSIZE-1);
p[BUFSIZE-1]='\0';
ii=i=strlen(p);
- if (i == 0) break;
+ if (i == 0 && !again) break;
+ again=0;
while (i > 0)
{
if ((p[i-1] != '\r') && (p[i-1] != '\n'))
@@ -247,7 +248,7 @@ static int def_load(CONF *conf, BIO *in, long *line)
}
/* we removed some trailing stuff so there is a new
* line on the end. */
- if (i == ii)
+ if (ii && i == ii)
again=1; /* long line */
else
{
diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c
index 8fd2d4d26b82..aa87ffd6ec77 100644
--- a/crypto/openssl/crypto/cryptlib.c
+++ b/crypto/openssl/crypto/cryptlib.c
@@ -58,6 +58,7 @@
#include <stdio.h>
#include <string.h>
+#include <assert.h>
#include "cryptlib.h"
#include <openssl/crypto.h>
#include <openssl/safestack.h>
@@ -89,6 +90,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"ssl_session",
"ssl_sess_cert",
"ssl",
+ /* "ssl_method", */
"rand",
"rand2",
"debug_malloc",
@@ -204,10 +206,18 @@ int CRYPTO_get_new_dynlockid(void)
i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
/* If there was none, push, thereby creating a new one */
if (i == -1)
- i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+ /* Since sk_push() returns the number of items on the
+ stack, not the location of the pushed item, we need
+ to transform the returned number into a position,
+ by decreasing it. */
+ i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+ else
+ /* If we found a place with a NULL pointer, put our pointer
+ in it. */
+ sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
- if (!i)
+ if (i == -1)
{
dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
OPENSSL_free(pointer);
@@ -399,16 +409,17 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
#endif
if (type < 0)
{
- int i = -type - 1;
- struct CRYPTO_dynlock_value *pointer
- = CRYPTO_get_dynlock_value(i);
-
- if (pointer && dynlock_lock_callback)
+ if (dynlock_lock_callback != NULL)
{
+ struct CRYPTO_dynlock_value *pointer
+ = CRYPTO_get_dynlock_value(type);
+
+ assert(pointer != NULL);
+
dynlock_lock_callback(mode, pointer, file, line);
- }
- CRYPTO_destroy_dynlockid(i);
+ CRYPTO_destroy_dynlockid(type);
+ }
}
else
if (locking_callback != NULL)
@@ -459,7 +470,7 @@ const char *CRYPTO_get_lock_name(int type)
return("dynamic");
else if (type < CRYPTO_NUM_LOCKS)
return(lock_names[type]);
- else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+ else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
return("ERROR");
else
return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
diff --git a/crypto/openssl/crypto/crypto.h b/crypto/openssl/crypto/crypto.h
index 8fba87131cb5..c539c435b529 100644
--- a/crypto/openssl/crypto/crypto.h
+++ b/crypto/openssl/crypto/crypto.h
@@ -95,35 +95,38 @@ extern "C" {
* names in cryptlib.c
*/
-#define CRYPTO_LOCK_ERR 1
-#define CRYPTO_LOCK_ERR_HASH 2
-#define CRYPTO_LOCK_X509 3
-#define CRYPTO_LOCK_X509_INFO 4
-#define CRYPTO_LOCK_X509_PKEY 5
+#define CRYPTO_LOCK_ERR 1
+#define CRYPTO_LOCK_ERR_HASH 2
+#define CRYPTO_LOCK_X509 3
+#define CRYPTO_LOCK_X509_INFO 4
+#define CRYPTO_LOCK_X509_PKEY 5
#define CRYPTO_LOCK_X509_CRL 6
#define CRYPTO_LOCK_X509_REQ 7
#define CRYPTO_LOCK_DSA 8
#define CRYPTO_LOCK_RSA 9
#define CRYPTO_LOCK_EVP_PKEY 10
-#define CRYPTO_LOCK_X509_STORE 11
-#define CRYPTO_LOCK_SSL_CTX 12
-#define CRYPTO_LOCK_SSL_CERT 13
-#define CRYPTO_LOCK_SSL_SESSION 14
-#define CRYPTO_LOCK_SSL_SESS_CERT 15
-#define CRYPTO_LOCK_SSL 16
-#define CRYPTO_LOCK_RAND 17
-#define CRYPTO_LOCK_RAND2 18
-#define CRYPTO_LOCK_MALLOC 19
-#define CRYPTO_LOCK_BIO 20
-#define CRYPTO_LOCK_GETHOSTBYNAME 21
-#define CRYPTO_LOCK_GETSERVBYNAME 22
-#define CRYPTO_LOCK_READDIR 23
-#define CRYPTO_LOCK_RSA_BLINDING 24
-#define CRYPTO_LOCK_DH 25
-#define CRYPTO_LOCK_MALLOC2 26
-#define CRYPTO_LOCK_DSO 27
-#define CRYPTO_LOCK_DYNLOCK 28
-#define CRYPTO_NUM_LOCKS 29
+#define CRYPTO_LOCK_X509_STORE 11
+#define CRYPTO_LOCK_SSL_CTX 12
+#define CRYPTO_LOCK_SSL_CERT 13
+#define CRYPTO_LOCK_SSL_SESSION 14
+#define CRYPTO_LOCK_SSL_SESS_CERT 15
+#define CRYPTO_LOCK_SSL 16
+/* for binary compatibility between 0.9.6 minor versions,
+ * reuse an existing lock (later version use a new one): */
+# define CRYPTO_LOCK_SSL_METHOD CRYPTO_LOCK_SSL_CTX
+#define CRYPTO_LOCK_RAND 17
+#define CRYPTO_LOCK_RAND2 18
+#define CRYPTO_LOCK_MALLOC 19
+#define CRYPTO_LOCK_BIO 20
+#define CRYPTO_LOCK_GETHOSTBYNAME 21
+#define CRYPTO_LOCK_GETSERVBYNAME 22
+#define CRYPTO_LOCK_READDIR 23
+#define CRYPTO_LOCK_RSA_BLINDING 24
+#define CRYPTO_LOCK_DH 25
+#define CRYPTO_LOCK_MALLOC2 26
+#define CRYPTO_LOCK_DSO 27
+#define CRYPTO_LOCK_DYNLOCK 28
+#define CRYPTO_NUM_LOCKS 29
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
@@ -145,7 +148,7 @@ extern "C" {
#endif
#else
#define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
+#define CRYPTO_w_unlock(a)
#define CRYPTO_r_lock(a)
#define CRYPTO_r_unlock(a)
#define CRYPTO_add(a,b,c) ((*(a))+=(b))
@@ -342,6 +345,8 @@ void CRYPTO_free(void *);
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
+void OPENSSL_cleanse(void *ptr, size_t len);
+
void CRYPTO_set_mem_debug_options(long bits);
long CRYPTO_get_mem_debug_options(void);
diff --git a/crypto/openssl/crypto/des/Makefile.ssl b/crypto/openssl/crypto/des/Makefile.ssl
index 28e58f4207ff..d52a22480159 100644
--- a/crypto/openssl/crypto/des/Makefile.ssl
+++ b/crypto/openssl/crypto/des/Makefile.ssl
@@ -130,7 +130,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -192,8 +192,11 @@ qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
-read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+read2pwd.o: des_locl.h
read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
@@ -206,7 +209,10 @@ rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
set_key.o: ../../include/openssl/opensslconf.h des_locl.h
-str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+str2key.o: des_locl.h
xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
diff --git a/crypto/openssl/crypto/des/des.c b/crypto/openssl/crypto/des/des.c
index 215d7413c076..470432e10fb7 100644
--- a/crypto/openssl/crypto/des/des.c
+++ b/crypto/openssl/crypto/des/des.c
@@ -86,6 +86,7 @@
#endif
#include <sys/stat.h>
#endif
+#include <openssl/crypto.h>
#include <openssl/des.h>
#include <openssl/rand.h>
@@ -423,7 +424,7 @@ void doencryption(void)
k2[i-8]=k;
}
des_set_key_unchecked(&k2,ks2);
- memset(k2,0,sizeof(k2));
+ OPENSSL_cleanse(k2,sizeof(k2));
}
else if (longk || flag3)
{
@@ -431,7 +432,7 @@ void doencryption(void)
{
des_string_to_2keys(key,&kk,&k2);
des_set_key_unchecked(&k2,ks2);
- memset(k2,0,sizeof(k2));
+ OPENSSL_cleanse(k2,sizeof(k2));
}
else
des_string_to_key(key,&kk);
@@ -453,8 +454,8 @@ void doencryption(void)
}
des_set_key_unchecked(&kk,ks);
- memset(key,0,sizeof(key));
- memset(kk,0,sizeof(kk));
+ OPENSSL_cleanse(key,sizeof(key));
+ OPENSSL_cleanse(kk,sizeof(kk));
/* woops - A bug that does not showup under unix :-( */
memset(iv,0,sizeof(iv));
memset(iv2,0,sizeof(iv2));
@@ -662,18 +663,18 @@ void doencryption(void)
if (l) fclose(CKSUM_OUT);
}
problems:
- memset(buf,0,sizeof(buf));
- memset(obuf,0,sizeof(obuf));
- memset(ks,0,sizeof(ks));
- memset(ks2,0,sizeof(ks2));
- memset(iv,0,sizeof(iv));
- memset(iv2,0,sizeof(iv2));
- memset(kk,0,sizeof(kk));
- memset(k2,0,sizeof(k2));
- memset(uubuf,0,sizeof(uubuf));
- memset(b,0,sizeof(b));
- memset(bb,0,sizeof(bb));
- memset(cksum,0,sizeof(cksum));
+ OPENSSL_cleanse(buf,sizeof(buf));
+ OPENSSL_cleanse(obuf,sizeof(obuf));
+ OPENSSL_cleanse(ks,sizeof(ks));
+ OPENSSL_cleanse(ks2,sizeof(ks2));
+ OPENSSL_cleanse(iv,sizeof(iv));
+ OPENSSL_cleanse(iv2,sizeof(iv2));
+ OPENSSL_cleanse(kk,sizeof(kk));
+ OPENSSL_cleanse(k2,sizeof(k2));
+ OPENSSL_cleanse(uubuf,sizeof(uubuf));
+ OPENSSL_cleanse(b,sizeof(b));
+ OPENSSL_cleanse(bb,sizeof(bb));
+ OPENSSL_cleanse(cksum,sizeof(cksum));
if (Exit) EXIT(Exit);
}
diff --git a/crypto/openssl/crypto/des/read2pwd.c b/crypto/openssl/crypto/des/read2pwd.c
index a8ceaf088a90..115132deecbd 100644
--- a/crypto/openssl/crypto/des/read2pwd.c
+++ b/crypto/openssl/crypto/des/read2pwd.c
@@ -57,6 +57,7 @@
*/
#include "des_locl.h"
+#include <openssl/crypto.h>
int des_read_password(des_cblock *key, const char *prompt, int verify)
{
@@ -65,8 +66,8 @@ int des_read_password(des_cblock *key, const char *prompt, int verify)
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_key(buf,key);
- memset(buf,0,BUFSIZ);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buf,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return(ok);
}
@@ -78,7 +79,7 @@ int des_read_2passwords(des_cblock *key1, des_cblock *key2, const char *prompt,
if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
des_string_to_2keys(buf,key1,key2);
- memset(buf,0,BUFSIZ);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buf,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return(ok);
}
diff --git a/crypto/openssl/crypto/des/read_pwd.c b/crypto/openssl/crypto/des/read_pwd.c
index cba52cad7865..a8f15909430c 100644
--- a/crypto/openssl/crypto/des/read_pwd.c
+++ b/crypto/openssl/crypto/des/read_pwd.c
@@ -218,7 +218,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
int ret;
ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
- memset(buff,0,BUFSIZ);
+ OPENSSL_cleanse(buff,BUFSIZ);
return(ret);
}
diff --git a/crypto/openssl/crypto/des/str2key.c b/crypto/openssl/crypto/des/str2key.c
index c6abb872012f..10e1dc174d93 100644
--- a/crypto/openssl/crypto/des/str2key.c
+++ b/crypto/openssl/crypto/des/str2key.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <openssl/crypto.h>
#include "des_locl.h"
void des_string_to_key(const char *str, des_cblock *key)
@@ -88,7 +89,7 @@ void des_string_to_key(const char *str, des_cblock *key)
des_set_odd_parity(key);
des_set_key_unchecked(key,ks);
des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
- memset(ks,0,sizeof(ks));
+ OPENSSL_cleanse(ks,sizeof(ks));
des_set_odd_parity(key);
}
@@ -149,7 +150,7 @@ void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
des_set_key_unchecked(key2,ks);
des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
- memset(ks,0,sizeof(ks));
+ OPENSSL_cleanse(ks,sizeof(ks));
des_set_odd_parity(key1);
des_set_odd_parity(key2);
}
diff --git a/crypto/openssl/crypto/dh/Makefile.ssl b/crypto/openssl/crypto/dh/Makefile.ssl
index ccee00eeca2c..f0c620a69579 100644
--- a/crypto/openssl/crypto/dh/Makefile.ssl
+++ b/crypto/openssl/crypto/dh/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/dh/dhtest.c b/crypto/openssl/crypto/dh/dhtest.c
index a38465da130e..c57cac099d49 100644
--- a/crypto/openssl/crypto/dh/dhtest.c
+++ b/crypto/openssl/crypto/dh/dhtest.c
@@ -59,6 +59,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+
+#include "../e_os.h"
+
#ifdef WINDOWS
#include "../bio/bss_file.c"
#endif
@@ -107,7 +110,7 @@ int main(int argc, char *argv[])
RAND_seed(rnd_seed, sizeof rnd_seed);
out=BIO_new(BIO_s_file());
- if (out == NULL) exit(1);
+ if (out == NULL) EXIT(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
@@ -188,7 +191,7 @@ err:
if(b != NULL) DH_free(b);
if(a != NULL) DH_free(a);
BIO_free(out);
- exit(ret);
+ EXIT(ret);
return(ret);
}
diff --git a/crypto/openssl/crypto/dsa/Makefile.ssl b/crypto/openssl/crypto/dsa/Makefile.ssl
index 1dfdb2d76922..bf2d8bfde0ff 100644
--- a/crypto/openssl/crypto/dsa/Makefile.ssl
+++ b/crypto/openssl/crypto/dsa/Makefile.ssl
@@ -70,7 +70,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c
index 309a7cda8992..2a25f3fe4753 100644
--- a/crypto/openssl/crypto/dsa/dsatest.c
+++ b/crypto/openssl/crypto/dsa/dsatest.c
@@ -61,6 +61,9 @@
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
+
+#include "../e_os.h"
+
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/bio.h>
@@ -207,10 +210,16 @@ end:
BIO_free(bio_err);
bio_err = NULL;
}
- exit(!ret);
+ EXIT(!ret);
return(0);
}
+static int cb_exit(int ec)
+ {
+ EXIT(ec);
+ return(0); /* To keep some compilers quiet */
+ }
+
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
@@ -226,7 +235,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
if (!ok && (p == 0) && (num > 1))
{
BIO_printf((BIO *)arg,"error in dsatest\n");
- exit(1);
+ cb_exit(1);
}
}
#endif
diff --git a/crypto/openssl/crypto/dso/Makefile.ssl b/crypto/openssl/crypto/dso/Makefile.ssl
index 33630e0bbb25..1fe2fd7f40c9 100644
--- a/crypto/openssl/crypto/dso/Makefile.ssl
+++ b/crypto/openssl/crypto/dso/Makefile.ssl
@@ -70,7 +70,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/err/Makefile.ssl b/crypto/openssl/crypto/err/Makefile.ssl
index 33348217cdef..bf634f89927d 100644
--- a/crypto/openssl/crypto/err/Makefile.ssl
+++ b/crypto/openssl/crypto/err/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c
index 5449a31c4e94..638ed3fe715d 100644
--- a/crypto/openssl/crypto/err/err_all.c
+++ b/crypto/openssl/crypto/err/err_all.c
@@ -1,5 +1,4 @@
/* crypto/err/err_all.c */
-/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
diff --git a/crypto/openssl/crypto/evp/Makefile.ssl b/crypto/openssl/crypto/evp/Makefile.ssl
index fb9945db1684..e8499190cc1e 100644
--- a/crypto/openssl/crypto/evp/Makefile.ssl
+++ b/crypto/openssl/crypto/evp/Makefile.ssl
@@ -87,7 +87,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/evp/bio_enc.c b/crypto/openssl/crypto/evp/bio_enc.c
index c425a971afb2..a04e8b11b255 100644
--- a/crypto/openssl/crypto/evp/bio_enc.c
+++ b/crypto/openssl/crypto/evp/bio_enc.c
@@ -128,7 +128,7 @@ static int enc_free(BIO *a)
if (a == NULL) return(0);
b=(BIO_ENC_CTX *)a->ptr;
EVP_CIPHER_CTX_cleanup(&(b->cipher));
- memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+ OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c
index e617ce1d4370..e884552a4470 100644
--- a/crypto/openssl/crypto/evp/bio_ok.c
+++ b/crypto/openssl/crypto/evp/bio_ok.c
@@ -208,7 +208,7 @@ static int ok_new(BIO *bi)
static int ok_free(BIO *a)
{
if (a == NULL) return(0);
- memset(a->ptr,0,sizeof(BIO_OK_CTX));
+ OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --git a/crypto/openssl/crypto/evp/c_allc.c b/crypto/openssl/crypto/evp/c_allc.c
index 0820557fdbf5..f24d3756c904 100644
--- a/crypto/openssl/crypto/evp/c_allc.c
+++ b/crypto/openssl/crypto/evp/c_allc.c
@@ -64,10 +64,6 @@
void OpenSSL_add_all_ciphers(void)
{
- static int done=0;
-
- if (done) return;
- done=1;
#ifndef NO_DES
EVP_add_cipher(EVP_des_cfb());
EVP_add_cipher(EVP_des_ede_cfb());
diff --git a/crypto/openssl/crypto/evp/c_alld.c b/crypto/openssl/crypto/evp/c_alld.c
index 41695df1067b..bbf059eb85e2 100644
--- a/crypto/openssl/crypto/evp/c_alld.c
+++ b/crypto/openssl/crypto/evp/c_alld.c
@@ -64,10 +64,6 @@
void OpenSSL_add_all_digests(void)
{
- static int done=0;
-
- if (done) return;
- done=1;
#ifndef NO_MD2
EVP_add_digest(EVP_md2());
#endif
diff --git a/crypto/openssl/crypto/evp/e_idea.c b/crypto/openssl/crypto/evp/e_idea.c
index 8d3c88deb710..50f7503f32d7 100644
--- a/crypto/openssl/crypto/evp/e_idea.c
+++ b/crypto/openssl/crypto/evp/e_idea.c
@@ -103,7 +103,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
idea_set_encrypt_key(key,&tmp);
idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
- memset((unsigned char *)&tmp,0,
+ OPENSSL_cleanse((unsigned char *)&tmp,
sizeof(IDEA_KEY_SCHEDULE));
}
return 1;
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h
index e22089aebe72..dd1b8fa2b8e0 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/openssl/crypto/evp/evp.h
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
#ifndef HEADER_ENVELOPE_H
diff --git a/crypto/openssl/crypto/evp/evp_key.c b/crypto/openssl/crypto/evp/evp_key.c
index e7434ef9b270..a31af2924e2e 100644
--- a/crypto/openssl/crypto/evp/evp_key.c
+++ b/crypto/openssl/crypto/evp/evp_key.c
@@ -152,8 +152,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
}
if ((nkey == 0) && (niv == 0)) break;
}
- memset(&c,0,sizeof(c));
- memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+ OPENSSL_cleanse(&c,sizeof(c));
+ OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
return(type->key_len);
}
diff --git a/crypto/openssl/crypto/evp/p5_crpt.c b/crypto/openssl/crypto/evp/p5_crpt.c
index 6bfa2c5acb17..0422fa588318 100644
--- a/crypto/openssl/crypto/evp/p5_crpt.c
+++ b/crypto/openssl/crypto/evp/p5_crpt.c
@@ -142,8 +142,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit(cctx, cipher, key, iv, en_de);
- memset(md_tmp, 0, EVP_MAX_MD_SIZE);
- memset(key, 0, EVP_MAX_KEY_LENGTH);
- memset(iv, 0, EVP_MAX_IV_LENGTH);
+ OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1;
}
diff --git a/crypto/openssl/crypto/evp/p5_crpt2.c b/crypto/openssl/crypto/evp/p5_crpt2.c
index 717fad68ca8f..74c8769e460a 100644
--- a/crypto/openssl/crypto/evp/p5_crpt2.c
+++ b/crypto/openssl/crypto/evp/p5_crpt2.c
@@ -228,7 +228,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
iter = ASN1_INTEGER_get(kdf->iter);
PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
EVP_CipherInit(ctx, NULL, key, NULL, en_de);
- memset(key, 0, keylen);
+ OPENSSL_cleanse(key, keylen);
PBKDF2PARAM_free(kdf);
return 1;
diff --git a/crypto/openssl/crypto/evp/p_open.c b/crypto/openssl/crypto/evp/p_open.c
index 2760c00fec10..c766a3a912bc 100644
--- a/crypto/openssl/crypto/evp/p_open.c
+++ b/crypto/openssl/crypto/evp/p_open.c
@@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek,
ret=1;
err:
- if (key != NULL) memset(key,0,size);
+ if (key != NULL) OPENSSL_cleanse(key,size);
OPENSSL_free(key);
return(ret);
}
diff --git a/crypto/openssl/crypto/hmac/Makefile.ssl b/crypto/openssl/crypto/hmac/Makefile.ssl
index ed3c8c64d1ca..4d36069f1d21 100644
--- a/crypto/openssl/crypto/hmac/Makefile.ssl
+++ b/crypto/openssl/crypto/hmac/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/hmac/hmactest.c b/crypto/openssl/crypto/hmac/hmactest.c
index 4b56b8ee1355..3bc476b9c770 100644
--- a/crypto/openssl/crypto/hmac/hmactest.c
+++ b/crypto/openssl/crypto/hmac/hmactest.c
@@ -60,6 +60,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_HMAC
int main(int argc, char *argv[])
{
@@ -143,7 +145,7 @@ int main(int argc, char *argv[])
else
printf("test %d ok\n",i);
}
- exit(err);
+ EXIT(err);
return(0);
}
diff --git a/crypto/openssl/crypto/idea/Makefile.ssl b/crypto/openssl/crypto/idea/Makefile.ssl
index 8923d7d066ca..bc5c5f04c52b 100644
--- a/crypto/openssl/crypto/idea/Makefile.ssl
+++ b/crypto/openssl/crypto/idea/Makefile.ssl
@@ -1,6 +1,5 @@
#
# SSLeay/crypto/idea/Makefile
-# $FreeBSD$
#
DIR= idea
@@ -69,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/idea/i_cbc.c b/crypto/openssl/crypto/idea/i_cbc.c
index d141cc2e2e8f..ecb9cb8b8367 100644
--- a/crypto/openssl/crypto/idea/i_cbc.c
+++ b/crypto/openssl/crypto/idea/i_cbc.c
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
#include <openssl/idea.h>
diff --git a/crypto/openssl/crypto/idea/i_cfb64.c b/crypto/openssl/crypto/idea/i_cfb64.c
index 6f7e364fcb5a..66d49d520eb3 100644
--- a/crypto/openssl/crypto/idea/i_cfb64.c
+++ b/crypto/openssl/crypto/idea/i_cfb64.c
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
#include <openssl/idea.h>
diff --git a/crypto/openssl/crypto/idea/i_ecb.c b/crypto/openssl/crypto/idea/i_ecb.c
index 3789cb523294..fb613db595c4 100644
--- a/crypto/openssl/crypto/idea/i_ecb.c
+++ b/crypto/openssl/crypto/idea/i_ecb.c
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
#include <openssl/idea.h>
diff --git a/crypto/openssl/crypto/idea/i_ofb64.c b/crypto/openssl/crypto/idea/i_ofb64.c
index b3397f9a8e11..e749e88e34ae 100644
--- a/crypto/openssl/crypto/idea/i_ofb64.c
+++ b/crypto/openssl/crypto/idea/i_ofb64.c
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
#include <openssl/idea.h>
diff --git a/crypto/openssl/crypto/idea/i_skey.c b/crypto/openssl/crypto/idea/i_skey.c
index 5fea5cc2f675..1c95bc9c7b88 100644
--- a/crypto/openssl/crypto/idea/i_skey.c
+++ b/crypto/openssl/crypto/idea/i_skey.c
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
#include <openssl/idea.h>
diff --git a/crypto/openssl/crypto/idea/idea.h b/crypto/openssl/crypto/idea/idea.h
index 31d3c895af99..f14adf83985e 100644
--- a/crypto/openssl/crypto/idea/idea.h
+++ b/crypto/openssl/crypto/idea/idea.h
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
#ifndef HEADER_IDEA_H
diff --git a/crypto/openssl/crypto/idea/idea_lcl.h b/crypto/openssl/crypto/idea/idea_lcl.h
index 019059977145..463aa36ce9c0 100644
--- a/crypto/openssl/crypto/idea/idea_lcl.h
+++ b/crypto/openssl/crypto/idea/idea_lcl.h
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
/* The new form of this macro (check if the a*b == 0) was suggested by
diff --git a/crypto/openssl/crypto/idea/idea_spd.c b/crypto/openssl/crypto/idea/idea_spd.c
index aefe1783b601..301946b19846 100644
--- a/crypto/openssl/crypto/idea/idea_spd.c
+++ b/crypto/openssl/crypto/idea/idea_spd.c
@@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
diff --git a/crypto/openssl/crypto/idea/ideatest.c b/crypto/openssl/crypto/idea/ideatest.c
index 810f351713ec..01d43adb19da 100644
--- a/crypto/openssl/crypto/idea/ideatest.c
+++ b/crypto/openssl/crypto/idea/ideatest.c
@@ -54,13 +54,14 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- * $FreeBSD$
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_IDEA
int main(int argc, char *argv[])
{
@@ -168,7 +169,7 @@ int main(int argc, char *argv[])
else
printf("ok\n");
- exit(err);
+ EXIT(err);
return(err);
}
diff --git a/crypto/openssl/crypto/idea/version b/crypto/openssl/crypto/idea/version
index c269d8531e4d..3f2229379549 100644
--- a/crypto/openssl/crypto/idea/version
+++ b/crypto/openssl/crypto/idea/version
@@ -1,4 +1,3 @@
-# $FreeBSD$
1.1 07/12/95 - eay
Many thanks to Rhys Weatherley <rweather@us.oracle.com>
for pointing out that I was assuming little endian byte
diff --git a/crypto/openssl/crypto/lhash/Makefile.ssl b/crypto/openssl/crypto/lhash/Makefile.ssl
index 60bb6b12e406..7a706e25f14f 100644
--- a/crypto/openssl/crypto/lhash/Makefile.ssl
+++ b/crypto/openssl/crypto/lhash/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/md2/Makefile.ssl b/crypto/openssl/crypto/md2/Makefile.ssl
index cda8385347eb..ecb80115fd6e 100644
--- a/crypto/openssl/crypto/md2/Makefile.ssl
+++ b/crypto/openssl/crypto/md2/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -79,8 +79,10 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
-md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
-md2_dgst.o: ../../include/openssl/opensslv.h
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/md2.h
+md2_dgst.o: ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/crypto/openssl/crypto/md2/md2_dgst.c b/crypto/openssl/crypto/md2/md2_dgst.c
index 608baefa8f34..fc25280469a4 100644
--- a/crypto/openssl/crypto/md2/md2_dgst.c
+++ b/crypto/openssl/crypto/md2/md2_dgst.c
@@ -61,6 +61,7 @@
#include <string.h>
#include <openssl/md2.h>
#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
@@ -194,7 +195,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
t=(t+i)&0xff;
}
memcpy(sp1,state,16*sizeof(MD2_INT));
- memset(state,0,48*sizeof(MD2_INT));
+ OPENSSL_cleanse(state,48*sizeof(MD2_INT));
}
void MD2_Final(unsigned char *md, MD2_CTX *c)
diff --git a/crypto/openssl/crypto/md2/md2_one.c b/crypto/openssl/crypto/md2/md2_one.c
index b12c37ce4def..835160ef56d1 100644
--- a/crypto/openssl/crypto/md2/md2_one.c
+++ b/crypto/openssl/crypto/md2/md2_one.c
@@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
}
#endif
MD2_Final(md,&c);
- memset(&c,0,sizeof(c)); /* Security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */
return(md);
}
diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/openssl/crypto/md2/md2test.c
index e3f4fb4c341a..4d7231753bed 100644
--- a/crypto/openssl/crypto/md2/md2test.c
+++ b/crypto/openssl/crypto/md2/md2test.c
@@ -60,6 +60,8 @@
#include <stdlib.h>
#include <string.h>
+#include "../e_os.h"
+
#ifdef NO_MD2
int main(int argc, char *argv[])
{
@@ -119,7 +121,7 @@ int main(int argc, char *argv[])
R++;
P++;
}
- exit(err);
+ EXIT(err);
return(0);
}
diff --git a/crypto/openssl/crypto/md32_common.h b/crypto/openssl/crypto/md32_common.h
index ad7c4194c243..07f6010c4eaf 100644
--- a/crypto/openssl/crypto/md32_common.h
+++ b/crypto/openssl/crypto/md32_common.h
@@ -602,6 +602,6 @@ void HASH_FINAL (unsigned char *md, HASH_CTX *c)
c->num=0;
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
* but I'm not worried :-)
- memset((void *)c,0,sizeof(HASH_CTX));
+ OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
*/
}
diff --git a/crypto/openssl/crypto/md4/Makefile.ssl b/crypto/openssl/crypto/md4/Makefile.ssl
index bc38badb0a2b..1843a3f7c027 100644
--- a/crypto/openssl/crypto/md4/Makefile.ssl
+++ b/crypto/openssl/crypto/md4/Makefile.ssl
@@ -69,7 +69,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -82,4 +82,6 @@ clean:
md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
-md4_one.o: ../../include/openssl/md4.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/md4.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/crypto/openssl/crypto/md4/md4_one.c b/crypto/openssl/crypto/md4/md4_one.c
index 87a995d38d43..00565507e4bb 100644
--- a/crypto/openssl/crypto/md4/md4_one.c
+++ b/crypto/openssl/crypto/md4/md4_one.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include <string.h>
#include <openssl/md4.h>
+#include <openssl/crypto.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>
@@ -89,7 +90,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
}
#endif
MD4_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --git a/crypto/openssl/crypto/md4/md4test.c b/crypto/openssl/crypto/md4/md4test.c
index 97e6e21efd15..faa9e84a9a3d 100644
--- a/crypto/openssl/crypto/md4/md4test.c
+++ b/crypto/openssl/crypto/md4/md4test.c
@@ -60,6 +60,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_MD4
int main(int argc, char *argv[])
{
@@ -115,7 +117,7 @@ int main(int argc, char *argv[])
R++;
P++;
}
- exit(err);
+ EXIT(err);
return(0);
}
diff --git a/crypto/openssl/crypto/md5/Makefile.ssl b/crypto/openssl/crypto/md5/Makefile.ssl
index e5ec4a21ae33..ebd356cb3fa9 100644
--- a/crypto/openssl/crypto/md5/Makefile.ssl
+++ b/crypto/openssl/crypto/md5/Makefile.ssl
@@ -118,7 +118,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -131,4 +131,6 @@ clean:
md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
-md5_one.o: ../../include/openssl/md5.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/md5.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/crypto/openssl/crypto/md5/md5_one.c b/crypto/openssl/crypto/md5/md5_one.c
index b89dec850d2d..c5dd2d81db49 100644
--- a/crypto/openssl/crypto/md5/md5_one.c
+++ b/crypto/openssl/crypto/md5/md5_one.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include <string.h>
#include <openssl/md5.h>
+#include <openssl/crypto.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>
@@ -89,7 +90,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
}
#endif
MD5_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --git a/crypto/openssl/crypto/md5/md5test.c b/crypto/openssl/crypto/md5/md5test.c
index 6bd86563020e..e3258cc0bf10 100644
--- a/crypto/openssl/crypto/md5/md5test.c
+++ b/crypto/openssl/crypto/md5/md5test.c
@@ -60,6 +60,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_MD5
int main(int argc, char *argv[])
{
@@ -115,7 +117,7 @@ int main(int argc, char *argv[])
R++;
P++;
}
- exit(err);
+ EXIT(err);
return(0);
}
diff --git a/crypto/openssl/crypto/mdc2/Makefile.ssl b/crypto/openssl/crypto/mdc2/Makefile.ssl
index 4b1b3e36961a..92be945f91d4 100644
--- a/crypto/openssl/crypto/mdc2/Makefile.ssl
+++ b/crypto/openssl/crypto/mdc2/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/mdc2/mdc2_one.c b/crypto/openssl/crypto/mdc2/mdc2_one.c
index 6cd141b4d621..37f06c8d77cf 100644
--- a/crypto/openssl/crypto/mdc2/mdc2_one.c
+++ b/crypto/openssl/crypto/mdc2/mdc2_one.c
@@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
MDC2_Init(&c);
MDC2_Update(&c,d,n);
MDC2_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --git a/crypto/openssl/crypto/mdc2/mdc2test.c b/crypto/openssl/crypto/mdc2/mdc2test.c
index 46c25aeff4c6..bad02979ee0e 100644
--- a/crypto/openssl/crypto/mdc2/mdc2test.c
+++ b/crypto/openssl/crypto/mdc2/mdc2test.c
@@ -60,6 +60,8 @@
#include <stdlib.h>
#include <string.h>
+#include "../e_os.h"
+
#if defined(NO_DES) && !defined(NO_MDC2)
#define NO_MDC2
#endif
@@ -134,7 +136,7 @@ int main(int argc, char *argv[])
else
printf("pad2 - ok\n");
- exit(ret);
+ EXIT(ret);
return(ret);
}
#endif
diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c
index 9df2a367e7e2..0df0a2a5491d 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/openssl/crypto/mem.c
@@ -173,6 +173,9 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
void *CRYPTO_malloc_locked(int num, const char *file, int line)
{
void *ret = NULL;
+ extern unsigned char cleanse_ctr;
+
+ if (num < 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
@@ -187,6 +190,12 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
if (malloc_debug_func != NULL)
malloc_debug_func(ret, num, file, line, 1);
+ /* Create a dependency on the value of 'cleanse_ctr' so our memory
+ * sanitisation function can't be optimised out. NB: We only do
+ * this for >2Kb so the overhead doesn't bother us. */
+ if(ret && (num > 2048))
+ ((unsigned char *)ret)[0] = cleanse_ctr;
+
return ret;
}
@@ -205,6 +214,9 @@ void CRYPTO_free_locked(void *str)
void *CRYPTO_malloc(int num, const char *file, int line)
{
void *ret = NULL;
+ extern unsigned char cleanse_ctr;
+
+ if (num < 0) return NULL;
allow_customize = 0;
if (malloc_debug_func != NULL)
@@ -219,6 +231,12 @@ void *CRYPTO_malloc(int num, const char *file, int line)
if (malloc_debug_func != NULL)
malloc_debug_func(ret, num, file, line, 1);
+ /* Create a dependency on the value of 'cleanse_ctr' so our memory
+ * sanitisation function can't be optimised out. NB: We only do
+ * this for >2Kb so the overhead doesn't bother us. */
+ if(ret && (num > 2048))
+ ((unsigned char *)ret)[0] = cleanse_ctr;
+
return ret;
}
@@ -229,6 +247,8 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
if (str == NULL)
return CRYPTO_malloc(num, file, line);
+ if (num < 0) return NULL;
+
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret = realloc_func(str,num);
diff --git a/crypto/openssl/crypto/mem_dbg.c b/crypto/openssl/crypto/mem_dbg.c
index ef19d8f84489..5d3547790fdf 100644
--- a/crypto/openssl/crypto/mem_dbg.c
+++ b/crypto/openssl/crypto/mem_dbg.c
@@ -102,6 +102,8 @@ typedef struct app_mem_info_st
int references;
} APP_INFO;
+static void app_info_free(APP_INFO *);
+
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
* that are at the top of their thread's stack
* (with `thread' as key);
@@ -140,6 +142,18 @@ static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
* thread named in disabling_thread).
*/
+static void app_info_free(APP_INFO *inf)
+ {
+ if (--(inf->references) <= 0)
+ {
+ if (inf->next != NULL)
+ {
+ app_info_free(inf->next);
+ }
+ OPENSSL_free(inf);
+ }
+ }
+
int CRYPTO_mem_ctrl(int mode)
{
int ret=mh_mode;
@@ -496,9 +510,7 @@ void CRYPTO_dbg_free(void *addr, int before_p)
mp->order, mp->addr, mp->num);
#endif
if (mp->app_info != NULL)
- {
- mp->app_info->references--;
- }
+ app_info_free(mp->app_info);
OPENSSL_free(mp);
}
diff --git a/crypto/openssl/crypto/objects/Makefile.ssl b/crypto/openssl/crypto/objects/Makefile.ssl
index 7b1c51cdb128..bcce2fa085eb 100644
--- a/crypto/openssl/crypto/objects/Makefile.ssl
+++ b/crypto/openssl/crypto/objects/Makefile.ssl
@@ -76,7 +76,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c
index 41fdf6e7b2cc..76f2e05f5080 100644
--- a/crypto/openssl/crypto/objects/obj_dat.c
+++ b/crypto/openssl/crypto/objects/obj_dat.c
@@ -417,7 +417,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
a2d_ASN1_OBJECT(p,i,s,-1);
p=buf;
- op=d2i_ASN1_OBJECT(NULL,&p,i);
+ op=d2i_ASN1_OBJECT(NULL,&p,j);
OPENSSL_free(buf);
return op;
}
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h
index 63e11f73547a..b8423af2f109 100644
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/openssl/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 404
-#define NUM_SN 402
-#define NUM_LN 402
-#define NUM_OBJ 376
+#define NUM_NID 406
+#define NUM_SN 404
+#define NUM_LN 404
+#define NUM_OBJ 378
-static unsigned char lvalues[2951]={
+static unsigned char lvalues[2971]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@@ -444,6 +444,8 @@ static unsigned char lvalues[2951]={
0x55,0x1D,0x24, /* [2941] OBJ_policy_constraints */
0x55,0x1D,0x37, /* [2944] OBJ_target_information */
0x55,0x1D,0x38, /* [2947] OBJ_no_rev_avail */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1075,6 +1077,10 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
&(lvalues[2944]),0},
{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
&(lvalues[2947]),0},
+{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
+ 10,&(lvalues[2950]),0},
+{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
+ &(lvalues[2960]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1417,6 +1423,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[138]),/* "msEFS" */
&(nid_objs[171]),/* "msExtReq" */
&(nid_objs[137]),/* "msSGC" */
+&(nid_objs[404]),/* "msSmartcardLogin" */
+&(nid_objs[405]),/* "msUPN" */
&(nid_objs[173]),/* "name" */
&(nid_objs[369]),/* "noCheck" */
&(nid_objs[403]),/* "noRevAvail" */
@@ -1510,7 +1518,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[171]),/* "Microsoft Extension Request" */
&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+&(nid_objs[404]),/* "Microsoft Smartcardlogin" */
&(nid_objs[136]),/* "Microsoft Trust List Signing" */
+&(nid_objs[405]),/* "Microsoft Universal Principal Name" */
&(nid_objs[72]),/* "Netscape Base Url" */
&(nid_objs[76]),/* "Netscape CA Policy Url" */
&(nid_objs[74]),/* "Netscape CA Revocation Url" */
@@ -2196,6 +2206,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[136]),/* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */
&(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */
&(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */
+&(nid_objs[404]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */
+&(nid_objs[405]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */
&(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */
&(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */
&(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */
diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/openssl/crypto/objects/obj_mac.h
index a2a960ee370d..8e8952d2936d 100644
--- a/crypto/openssl/crypto/objects/obj_mac.h
+++ b/crypto/openssl/crypto/objects/obj_mac.h
@@ -780,6 +780,16 @@
#define NID_ms_efs 138
#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+#define SN_ms_smartcard_login "msSmartcardLogin"
+#define LN_ms_smartcard_login "Microsoft Smartcardlogin"
+#define NID_ms_smartcard_login 404
+#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+#define SN_ms_upn "msUPN"
+#define LN_ms_upn "Microsoft Universal Principal Name"
+#define NID_ms_upn 405
+#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
#define SN_idea_cbc "IDEA-CBC"
#define LN_idea_cbc "idea-cbc"
#define NID_idea_cbc 34
diff --git a/crypto/openssl/crypto/objects/obj_mac.num b/crypto/openssl/crypto/objects/obj_mac.num
index a6baa8c5f953..1e73da17813e 100644
--- a/crypto/openssl/crypto/objects/obj_mac.num
+++ b/crypto/openssl/crypto/objects/obj_mac.num
@@ -401,3 +401,5 @@ role 400
policy_constraints 401
target_information 402
no_rev_avail 403
+ms_smartcard_login 404
+ms_upn 405
diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt
index fb73408f4657..a5f6c3759ba6 100644
--- a/crypto/openssl/crypto/objects/objects.txt
+++ b/crypto/openssl/crypto/objects/objects.txt
@@ -246,6 +246,10 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc
1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto
!Cname ms-efs
1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System
+!Cname ms-smartcard-login
+1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin
+!Cname ms-upn
+1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name
1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc
: IDEA-ECB : idea-ecb
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index b6ae9458cc5c..6806ef725fa8 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090607fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6g 9 Aug 2002"
+#define OPENSSL_VERSION_NUMBER 0x0090609fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6i Feb 19 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/pem/Makefile.ssl b/crypto/openssl/crypto/pem/Makefile.ssl
index 111dbc1ae460..1788f3fecd13 100644
--- a/crypto/openssl/crypto/pem/Makefile.ssl
+++ b/crypto/openssl/crypto/pem/Makefile.ssl
@@ -69,7 +69,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/openssl/crypto/pem/pem_info.c
index ef02599d55b5..2453e933dcdb 100644
--- a/crypto/openssl/crypto/pem/pem_info.c
+++ b/crypto/openssl/crypto/pem/pem_info.c
@@ -358,7 +358,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
ret=1;
err:
- memset((char *)&ctx,0,sizeof(ctx));
- memset(buf,0,PEM_BUFSIZE);
+ OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+ OPENSSL_cleanse(buf,PEM_BUFSIZE);
return(ret);
}
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c
index 01759f75c3b5..e024bd787304 100644
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@@ -380,7 +380,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
* NOT taken from the BytesToKey function */
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
- if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+ if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
@@ -401,12 +401,15 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
i=PEM_write_bio(bp,name,buf,data,i);
if (i <= 0) ret=0;
err:
- memset(key,0,sizeof(key));
- memset(iv,0,sizeof(iv));
- memset((char *)&ctx,0,sizeof(ctx));
- memset(buf,0,PEM_BUFSIZE);
- memset(data,0,(unsigned int)dsize);
- OPENSSL_free(data);
+ OPENSSL_cleanse(key,sizeof(key));
+ OPENSSL_cleanse(iv,sizeof(iv));
+ OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+ OPENSSL_cleanse(buf,PEM_BUFSIZE);
+ if (data != NULL)
+ {
+ OPENSSL_cleanse(data,(unsigned int)dsize);
+ OPENSSL_free(data);
+ }
return(ret);
}
@@ -444,8 +447,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
EVP_DecryptUpdate(&ctx,data,&i,data,j);
o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
EVP_CIPHER_CTX_cleanup(&ctx);
- memset((char *)buf,0,sizeof(buf));
- memset((char *)key,0,sizeof(key));
+ OPENSSL_cleanse((char *)buf,sizeof(buf));
+ OPENSSL_cleanse((char *)key,sizeof(key));
j+=i;
if (!o)
{
diff --git a/crypto/openssl/crypto/pem/pem_seal.c b/crypto/openssl/crypto/pem/pem_seal.c
index 2a6c5133481a..ed1d3412cfd1 100644
--- a/crypto/openssl/crypto/pem/pem_seal.c
+++ b/crypto/openssl/crypto/pem/pem_seal.c
@@ -109,7 +109,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
ret=npubk;
err:
if (s != NULL) OPENSSL_free(s);
- memset(key,0,EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
return(ret);
}
diff --git a/crypto/openssl/crypto/pkcs12/Makefile.ssl b/crypto/openssl/crypto/pkcs12/Makefile.ssl
index c92dd276398c..7a4994812a01 100644
--- a/crypto/openssl/crypto/pkcs12/Makefile.ssl
+++ b/crypto/openssl/crypto/pkcs12/Makefile.ssl
@@ -74,7 +74,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/pkcs12/p12_crpt.c b/crypto/openssl/crypto/pkcs12/p12_crpt.c
index 7b96584f07d7..17d8d546f17c 100644
--- a/crypto/openssl/crypto/pkcs12/p12_crpt.c
+++ b/crypto/openssl/crypto/pkcs12/p12_crpt.c
@@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
}
PBEPARAM_free(pbe);
EVP_CipherInit(ctx, cipher, key, iv, en_de);
- memset(key, 0, EVP_MAX_KEY_LENGTH);
- memset(iv, 0, EVP_MAX_IV_LENGTH);
+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
return 1;
}
diff --git a/crypto/openssl/crypto/pkcs12/p12_decr.c b/crypto/openssl/crypto/pkcs12/p12_decr.c
index 8cd7e2f41470..68488db86405 100644
--- a/crypto/openssl/crypto/pkcs12/p12_decr.c
+++ b/crypto/openssl/crypto/pkcs12/p12_decr.c
@@ -137,7 +137,7 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(),
if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
else ret = d2i(NULL, &p, outlen);
- if (seq & 2) memset(out, 0, outlen);
+ if (seq & 2) OPENSSL_cleanse(out, outlen);
if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
OPENSSL_free (out);
return ret;
diff --git a/crypto/openssl/crypto/pkcs12/p12_key.c b/crypto/openssl/crypto/pkcs12/p12_key.c
index a4fd5b98ec9a..298e4c506b6b 100644
--- a/crypto/openssl/crypto/pkcs12/p12_key.c
+++ b/crypto/openssl/crypto/pkcs12/p12_key.c
@@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
id, iter, n, out, md_type);
if(unipass) {
- memset(unipass, 0, uniplen); /* Clear password from memory */
+ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
OPENSSL_free(unipass);
}
return ret;
diff --git a/crypto/openssl/crypto/pkcs7/Makefile.ssl b/crypto/openssl/crypto/pkcs7/Makefile.ssl
index da0ff22ab22d..fd4a267e8ac7 100644
--- a/crypto/openssl/crypto/pkcs7/Makefile.ssl
+++ b/crypto/openssl/crypto/pkcs7/Makefile.ssl
@@ -87,7 +87,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/pkcs7/bio_ber.c b/crypto/openssl/crypto/pkcs7/bio_ber.c
index 5447e6981861..e73556e3023c 100644
--- a/crypto/openssl/crypto/pkcs7/bio_ber.c
+++ b/crypto/openssl/crypto/pkcs7/bio_ber.c
@@ -145,7 +145,7 @@ static int ber_free(BIO *a)
if (a == NULL) return(0);
b=(BIO_BER_CTX *)a->ptr;
- memset(a->ptr,0,sizeof(BIO_BER_CTX));
+ OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c
index a45cf76c6873..aa4d49e28be9 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
}
OPENSSL_free(tmp);
- memset(key, 0, keylen);
+ OPENSSL_cleanse(key, keylen);
if (out == NULL)
out=btmp;
@@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}
EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
- memset(tmp,0,jj);
+ OPENSSL_cleanse(tmp,jj);
if (out == NULL)
out=etmp;
diff --git a/crypto/openssl/crypto/rand/Makefile.ssl b/crypto/openssl/crypto/rand/Makefile.ssl
index e9a6876b5a74..8da0c777b344 100644
--- a/crypto/openssl/crypto/rand/Makefile.ssl
+++ b/crypto/openssl/crypto/rand/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/openssl/crypto/rand/md_rand.c
index 349629c4843e..5df32b4fe6a8 100644
--- a/crypto/openssl/crypto/rand/md_rand.c
+++ b/crypto/openssl/crypto/rand/md_rand.c
@@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void)
static void ssleay_rand_cleanup(void)
{
- memset(state,0,sizeof(state));
+ OPENSSL_cleanse(state,sizeof(state));
state_num=0;
state_index=0;
- memset(md,0,MD_DIGEST_LENGTH);
+ OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
md_count[0]=0;
md_count[1]=0;
entropy=0;
diff --git a/crypto/openssl/crypto/rand/rand_egd.c b/crypto/openssl/crypto/rand/rand_egd.c
index a6601696ad9e..ce169367857a 100644
--- a/crypto/openssl/crypto/rand/rand_egd.c
+++ b/crypto/openssl/crypto/rand/rand_egd.c
@@ -59,7 +59,7 @@
/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
*/
-#if defined(WIN32) || defined(VMS) || defined(__VMS)
+#if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) || defined(VXWORKS)
int RAND_egd(const char *path)
{
return(-1);
diff --git a/crypto/openssl/crypto/rand/rand_win.c b/crypto/openssl/crypto/rand/rand_win.c
index 2b4b1446edb6..3e148ad4d254 100644
--- a/crypto/openssl/crypto/rand/rand_win.c
+++ b/crypto/openssl/crypto/rand/rand_win.c
@@ -254,6 +254,10 @@ int RAND_poll(void)
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
+ /* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
+ * the RegQueryValueEx call below can hang on NT4.0 (SP6).
+ * So we don't use this at all for now. */
+#if 0
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
{
@@ -283,13 +287,23 @@ int RAND_poll(void)
{
/* For entropy count assume only least significant
* byte of each DWORD is random.
- */
+ */
RAND_add(&length, sizeof(length), 0);
RAND_add(buf, length, length / 4.0);
+
+ /* Close the Registry Key to allow Windows to cleanup/close
+ * the open handle
+ * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+ * when the RegQueryValueEx above is done. However, if
+ * it is not explicitly closed, it can cause disk
+ * partition manipulation problems.
+ */
+ RegCloseKey(HKEY_PERFORMANCE_DATA);
}
if (buf)
free(buf);
}
+#endif
if (advapi)
{
@@ -461,7 +475,7 @@ int RAND_poll(void)
hlist.th32ProcessID,
hlist.th32HeapID))
{
- int entrycnt = 50;
+ int entrycnt = 80;
do
RAND_add(&hentry,
hentry.dwSize, 5);
@@ -718,8 +732,10 @@ int RAND_poll(void)
/* put in some default random data, we need more than just this */
l=curr_pid;
RAND_add(&l,sizeof(l),0);
+#ifndef VXWORKS
l=getuid();
RAND_add(&l,sizeof(l),0);
+#endif
l=time(NULL);
RAND_add(&l,sizeof(l),0);
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c
index c2ae28c3a2a4..f64c7383b2b6 100644
--- a/crypto/openssl/crypto/rand/randfile.c
+++ b/crypto/openssl/crypto/rand/randfile.c
@@ -61,6 +61,8 @@
#include <stdlib.h>
#include <string.h>
+#include "openssl/e_os.h"
+
#ifdef VMS
#include <unixio.h>
#endif
@@ -73,7 +75,6 @@
# include <sys/stat.h>
#endif
-#include "openssl/e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
@@ -124,7 +125,7 @@ int RAND_load_file(const char *file, long bytes)
}
}
fclose(in);
- memset(buf,0,BUFSIZE);
+ OPENSSL_cleanse(buf,BUFSIZE);
err:
return(ret);
}
@@ -189,7 +190,7 @@ int RAND_write_file(const char *file)
#endif /* VMS */
fclose(out);
- memset(buf,0,BUFSIZE);
+ OPENSSL_cleanse(buf,BUFSIZE);
err:
return (rand_err ? -1 : ret);
}
diff --git a/crypto/openssl/crypto/rand/randtest.c b/crypto/openssl/crypto/rand/randtest.c
index da96e3f6959a..abee3f7b2b2d 100644
--- a/crypto/openssl/crypto/rand/randtest.c
+++ b/crypto/openssl/crypto/rand/randtest.c
@@ -60,6 +60,8 @@
#include <stdlib.h>
#include <openssl/rand.h>
+#include "../e_os.h"
+
/* some FIPS 140-1 random number test */
/* some simple tests */
@@ -202,6 +204,6 @@ int main()
}
printf("test 4 done\n");
err=((err)?1:0);
- exit(err);
+ EXIT(err);
return(err);
}
diff --git a/crypto/openssl/crypto/rc2/Makefile.ssl b/crypto/openssl/crypto/rc2/Makefile.ssl
index 6966e01b6f27..90b6bd988079 100644
--- a/crypto/openssl/crypto/rc2/Makefile.ssl
+++ b/crypto/openssl/crypto/rc2/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/rc2/rc2test.c b/crypto/openssl/crypto/rc2/rc2test.c
index 521269ded18c..bf8bc5d02fa4 100644
--- a/crypto/openssl/crypto/rc2/rc2test.c
+++ b/crypto/openssl/crypto/rc2/rc2test.c
@@ -63,6 +63,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_RC2
int main(int argc, char *argv[])
{
@@ -203,7 +205,7 @@ int main(int argc, char *argv[])
printf("ok\n");
#endif
- exit(err);
+ EXIT(err);
return(err);
}
diff --git a/crypto/openssl/crypto/rc4/Makefile.ssl b/crypto/openssl/crypto/rc4/Makefile.ssl
index 8ffff0a74e3d..f3a4dad8768e 100644
--- a/crypto/openssl/crypto/rc4/Makefile.ssl
+++ b/crypto/openssl/crypto/rc4/Makefile.ssl
@@ -97,7 +97,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/rc4/rc4.c b/crypto/openssl/crypto/rc4/rc4.c
index 709b7aff35ae..04799009e6f3 100644
--- a/crypto/openssl/crypto/rc4/rc4.c
+++ b/crypto/openssl/crypto/rc4/rc4.c
@@ -155,7 +155,7 @@ bad:
i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
if (i != 0)
{
- memset(buf,0,BUFSIZ);
+ OPENSSL_cleanse(buf,BUFSIZ);
fprintf(stderr,"bad password read\n");
exit(1);
}
@@ -163,7 +163,7 @@ bad:
}
MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
- memset(keystr,0,strlen(keystr));
+ OPENSSL_cleanse(keystr,strlen(keystr));
RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
for(;;)
diff --git a/crypto/openssl/crypto/rc4/rc4test.c b/crypto/openssl/crypto/rc4/rc4test.c
index 3914eb6c3831..3aa40ed23510 100644
--- a/crypto/openssl/crypto/rc4/rc4test.c
+++ b/crypto/openssl/crypto/rc4/rc4test.c
@@ -60,6 +60,8 @@
#include <stdlib.h>
#include <string.h>
+#include "../e_os.h"
+
#ifdef NO_RC4
int main(int argc, char *argv[])
{
@@ -195,7 +197,7 @@ int main(int argc, char *argv[])
}
}
printf("done\n");
- exit(err);
+ EXIT(err);
return(0);
}
#endif
diff --git a/crypto/openssl/crypto/rc5/Makefile.ssl b/crypto/openssl/crypto/rc5/Makefile.ssl
index cf5d176859ba..0497a573a093 100644
--- a/crypto/openssl/crypto/rc5/Makefile.ssl
+++ b/crypto/openssl/crypto/rc5/Makefile.ssl
@@ -94,7 +94,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/rc5/rc5test.c b/crypto/openssl/crypto/rc5/rc5test.c
index 634ceac7c7ee..84e7c71d216a 100644
--- a/crypto/openssl/crypto/rc5/rc5test.c
+++ b/crypto/openssl/crypto/rc5/rc5test.c
@@ -63,6 +63,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_RC5
int main(int argc, char *argv[])
{
@@ -318,7 +320,7 @@ int main(int argc, char *argv[])
}
if (err == 0) printf("cbc RC5 ok\n");
- exit(err);
+ EXIT(err);
return(err);
}
diff --git a/crypto/openssl/crypto/ripemd/Makefile.ssl b/crypto/openssl/crypto/ripemd/Makefile.ssl
index 0b1cd7394132..2838fe40b400 100644
--- a/crypto/openssl/crypto/ripemd/Makefile.ssl
+++ b/crypto/openssl/crypto/ripemd/Makefile.ssl
@@ -92,7 +92,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -106,4 +106,6 @@ clean:
rmd_dgst.o: ../../include/openssl/opensslconf.h
rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
-rmd_one.o: ../../include/openssl/ripemd.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/crypto/openssl/crypto/ripemd/rmd_one.c b/crypto/openssl/crypto/ripemd/rmd_one.c
index efdf2dd6efc2..f8b580c33a3a 100644
--- a/crypto/openssl/crypto/ripemd/rmd_one.c
+++ b/crypto/openssl/crypto/ripemd/rmd_one.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include <string.h>
#include <openssl/ripemd.h>
+#include <openssl/crypto.h>
unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
unsigned char *md)
@@ -70,7 +71,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
RIPEMD160_Init(&c);
RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c);
- memset(&c,0,sizeof(c)); /* security consideration */
+ OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
return(md);
}
diff --git a/crypto/openssl/crypto/ripemd/rmdtest.c b/crypto/openssl/crypto/ripemd/rmdtest.c
index 5d79c997253b..dd3a49d7058b 100644
--- a/crypto/openssl/crypto/ripemd/rmdtest.c
+++ b/crypto/openssl/crypto/ripemd/rmdtest.c
@@ -60,6 +60,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_RIPEMD
int main(int argc, char *argv[])
{
@@ -124,7 +126,7 @@ int main(int argc, char *argv[])
R++;
P++;
}
- exit(err);
+ EXIT(err);
return(0);
}
diff --git a/crypto/openssl/crypto/rsa/Makefile.ssl b/crypto/openssl/crypto/rsa/Makefile.ssl
index 1be9a1cd2397..3584942d769e 100644
--- a/crypto/openssl/crypto/rsa/Makefile.ssl
+++ b/crypto/openssl/crypto/rsa/Makefile.ssl
@@ -70,7 +70,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h
index 179706a2d430..76aed3cb3852 100644
--- a/crypto/openssl/crypto/rsa/rsa.h
+++ b/crypto/openssl/crypto/rsa/rsa.h
@@ -1,5 +1,4 @@
/* crypto/rsa/rsa.h */
-/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -170,6 +169,8 @@ struct rsa_st
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
+#define RSA_PKCS1_PADDING_SIZE 11
+
#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index e861a491adfb..c49abe6e3eed 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -1,5 +1,4 @@
/* crypto/rsa/rsa_eay.c */
-/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -185,7 +184,7 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
@@ -269,7 +268,7 @@ err:
BN_clear_free(&f);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
@@ -368,7 +367,7 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
@@ -465,7 +464,7 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
- memset(buf,0,num);
+ OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index 5220f5f5562c..422643e9f2e8 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -1,5 +1,4 @@
/* crypto/rsa/rsa_lib.c */
-/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c
index 48a32bc264a8..b3f1c2200dd5 100644
--- a/crypto/openssl/crypto/rsa/rsa_pk1.c
+++ b/crypto/openssl/crypto/rsa/rsa_pk1.c
@@ -68,7 +68,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
int j;
unsigned char *p;
- if (flen > (tlen-11))
+ if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return(0);
diff --git a/crypto/openssl/crypto/rsa/rsa_saos.c b/crypto/openssl/crypto/rsa/rsa_saos.c
index c77f4381ffb1..749fb209655d 100644
--- a/crypto/openssl/crypto/rsa/rsa_saos.c
+++ b/crypto/openssl/crypto/rsa/rsa_saos.c
@@ -76,7 +76,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
i=i2d_ASN1_OCTET_STRING(&sig,NULL);
j=RSA_size(rsa);
- if ((i-RSA_PKCS1_PADDING) > j)
+ if (i > (j-RSA_PKCS1_PADDING_SIZE))
{
RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return(0);
@@ -95,7 +95,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
else
*siglen=i;
- memset(s,0,(unsigned int)j+1);
+ OPENSSL_cleanse(s,(unsigned int)j+1);
OPENSSL_free(s);
return(ret);
}
@@ -137,7 +137,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
ret=1;
err:
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
- memset(s,0,(unsigned int)siglen);
+ OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 31049b979194..83764a2ce3e8 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -109,7 +109,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
i=i2d_X509_SIG(&sig,NULL);
}
j=RSA_size(rsa);
- if ((i-RSA_PKCS1_PADDING) > j)
+ if (i > (j-RSA_PKCS1_PADDING_SIZE))
{
RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return(0);
@@ -131,7 +131,7 @@ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
*siglen=i;
if(type != NID_md5_sha1) {
- memset(s,0,(unsigned int)j+1);
+ OPENSSL_cleanse(s,(unsigned int)j+1);
OPENSSL_free(s);
}
return(ret);
@@ -214,7 +214,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
}
err:
if (sig != NULL) X509_SIG_free(sig);
- memset(s,0,(unsigned int)siglen);
+ OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
return(ret);
}
diff --git a/crypto/openssl/crypto/sha/Makefile.ssl b/crypto/openssl/crypto/sha/Makefile.ssl
index 75d3e0bf4ff3..d0e656cb033f 100644
--- a/crypto/openssl/crypto/sha/Makefile.ssl
+++ b/crypto/openssl/crypto/sha/Makefile.ssl
@@ -92,7 +92,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -103,11 +103,15 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
-sha1_one.o: ../../include/openssl/sha.h
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
sha1dgst.o: ../../include/openssl/opensslconf.h
sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
sha1dgst.o: ../md32_common.h sha_locl.h
sha_dgst.o: ../../include/openssl/opensslconf.h
sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
sha_dgst.o: ../md32_common.h sha_locl.h
-sha_one.o: ../../include/openssl/sha.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/crypto/openssl/crypto/sha/sha1_one.c b/crypto/openssl/crypto/sha/sha1_one.c
index 861752eaa7ea..acf3e92ff22b 100644
--- a/crypto/openssl/crypto/sha/sha1_one.c
+++ b/crypto/openssl/crypto/sha/sha1_one.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
+#include <openssl/crypto.h>
#ifndef NO_SHA1
unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
@@ -70,7 +71,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
SHA1_Init(&c);
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
- memset(&c,0,sizeof(c));
+ OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#endif
diff --git a/crypto/openssl/crypto/sha/sha1test.c b/crypto/openssl/crypto/sha/sha1test.c
index 688d06c63747..8c2bd33f56fa 100644
--- a/crypto/openssl/crypto/sha/sha1test.c
+++ b/crypto/openssl/crypto/sha/sha1test.c
@@ -60,6 +60,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_SHA
int main(int argc, char *argv[])
{
@@ -152,7 +154,7 @@ int main(int argc, char *argv[])
}
else
printf("test 3 ok\n");
- exit(err);
+ EXIT(err);
return(0);
}
diff --git a/crypto/openssl/crypto/sha/sha_one.c b/crypto/openssl/crypto/sha/sha_one.c
index 2d955de16286..ece37146c21d 100644
--- a/crypto/openssl/crypto/sha/sha_one.c
+++ b/crypto/openssl/crypto/sha/sha_one.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
+#include <openssl/crypto.h>
#ifndef NO_SHA0
unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
@@ -70,7 +71,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
SHA_Init(&c);
SHA_Update(&c,d,n);
SHA_Final(md,&c);
- memset(&c,0,sizeof(c));
+ OPENSSL_cleanse(&c,sizeof(c));
return(md);
}
#endif
diff --git a/crypto/openssl/crypto/sha/shatest.c b/crypto/openssl/crypto/sha/shatest.c
index a5786bbf768d..d9329f0307b5 100644
--- a/crypto/openssl/crypto/sha/shatest.c
+++ b/crypto/openssl/crypto/sha/shatest.c
@@ -60,6 +60,8 @@
#include <string.h>
#include <stdlib.h>
+#include "../e_os.h"
+
#ifdef NO_SHA
int main(int argc, char *argv[])
{
@@ -152,7 +154,7 @@ int main(int argc, char *argv[])
}
else
printf("test 3 ok\n");
- exit(err);
+ EXIT(err);
return(0);
}
diff --git a/crypto/openssl/crypto/stack/Makefile.ssl b/crypto/openssl/crypto/stack/Makefile.ssl
index 2027d3946ce1..dde60c934cd5 100644
--- a/crypto/openssl/crypto/stack/Makefile.ssl
+++ b/crypto/openssl/crypto/stack/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/openssl/crypto/threads/mttest.c
index 100165948c02..3d1b212b1c74 100644
--- a/crypto/openssl/crypto/threads/mttest.c
+++ b/crypto/openssl/crypto/threads/mttest.c
@@ -77,6 +77,10 @@
#ifdef PTHREADS
#include <pthread.h>
#endif
+#ifdef VXWORKS
+#include <taskLib.h>
+#include <semLib.h>
+#endif
#include <openssl/lhash.h>
#include <openssl/crypto.h>
#include <openssl/buffer.h>
@@ -105,10 +109,12 @@ void irix_locking_callback(int mode,int type,char *file,int line);
void solaris_locking_callback(int mode,int type,char *file,int line);
void win32_locking_callback(int mode,int type,char *file,int line);
void pthreads_locking_callback(int mode,int type,char *file,int line);
+void vxworks_locking_callback(int mode,int type,char *file,int line);
unsigned long irix_thread_id(void );
unsigned long solaris_thread_id(void );
unsigned long pthreads_thread_id(void );
+unsigned long vxworks_thread_id(void );
BIO *bio_err=NULL;
BIO *bio_stdout=NULL;
@@ -1097,4 +1103,119 @@ unsigned long pthreads_thread_id(void)
#endif /* PTHREADS */
+#ifdef VXWORKS
+
+#define DEFAULT_TASK_NAME NULL
+#define DEFAULT_TASK_PRIORITY 100
+#define DEFAULT_TASK_OPTIONS 0
+#define DEFAULT_TASK_STACK_BYTES 32768
+
+static SEM_ID *lock_cs;
+static long *lock_count;
+
+extern int sysClkRateGet();
+
+void thread_setup(void)
+ {
+ int i;
+
+ lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(SEM_ID));
+ lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i=0; i<CRYPTO_num_locks(); i++)
+ {
+ lock_count[i]=0;
+ lock_cs[i] = semMCreate(SEM_Q_PRIORITY | SEM_INVERSION_SAFE);
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())vxworks_thread_id);
+ CRYPTO_set_locking_callback((void (*)())vxworks_locking_callback);
+ }
+
+void thread_cleanup(void)
+ {
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ fprintf(stderr,"cleanup\n");
+ for (i=0; i<CRYPTO_num_locks(); i++)
+ {
+ semDelete(lock_cs[i]);
+ fprintf(stderr,"%8ld:%s\n",lock_count[i],
+ CRYPTO_get_lock_name(i));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+
+ fprintf(stderr,"done cleanup\n");
+ }
+
+void vxworks_locking_callback(int mode, int type, char *file, int line)
+ {
+#ifdef undef
+ fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode&CRYPTO_LOCK)?"l":"u",
+ (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+/*
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
+*/
+ if (mode & CRYPTO_LOCK)
+ {
+ semTake(lock_cs[type], WAIT_FOREVER);
+ lock_count[type]++;
+ }
+ else
+ {
+ semGive(lock_cs[type]);
+ }
+ }
+
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+ {
+ SSL_CTX *ssl_ctx[2];
+ int thread_ctx[MAX_THREAD_NUMBER];
+ int i;
+
+ ssl_ctx[0]=s_ctx;
+ ssl_ctx[1]=c_ctx;
+
+ /*
+ thr_setconcurrency(thread_number);
+ */
+ for (i=0; i<thread_number; i++)
+ {
+ thread_ctx[i] = taskSpawn(DEFAULT_TASK_NAME,
+ DEFAULT_TASK_PRIORITY,
+ DEFAULT_TASK_OPTIONS,
+ DEFAULT_TASK_STACK_BYTES,
+ (FUNCPTR)ndoit,
+ (int)ssl_ctx, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+
+ printf("Spawned task %d (%x)\n", i, thread_ctx[i]);
+ }
+
+ printf("reaping\n");
+ for (i=0; i<thread_number; i++)
+ {
+ while(taskIdVerify(thread_ctx[i]) != ERROR)
+ {
+ taskDelay(sysClkRateGet()/10);
+ }
+ printf("Reaped task %d (%x)\n", i, thread_ctx[i]);
+ }
+
+ printf("vxworks threads done (%d,%d)\n",
+ s_ctx->references,c_ctx->references);
+ }
+
+unsigned long vxworks_thread_id(void)
+ {
+ return((unsigned long)taskIdSelf());
+ }
+#endif /* VXWORKS */
diff --git a/crypto/openssl/crypto/tmdiff.c b/crypto/openssl/crypto/tmdiff.c
index 830092210f42..fc38e139a71d 100644
--- a/crypto/openssl/crypto/tmdiff.c
+++ b/crypto/openssl/crypto/tmdiff.c
@@ -105,6 +105,11 @@
#include <windows.h>
#endif
+#ifdef VXWORKS
+#include <tickLib.h>
+#include <drv/timer/timerDev.h>
+#endif
+
/* The following if from times(3) man page. It may need to be changed */
#ifndef HZ
# ifndef CLK_TCK
diff --git a/crypto/openssl/crypto/txt_db/Makefile.ssl b/crypto/openssl/crypto/txt_db/Makefile.ssl
index 567202abb771..8c5db888fa5e 100644
--- a/crypto/openssl/crypto/txt_db/Makefile.ssl
+++ b/crypto/openssl/crypto/txt_db/Makefile.ssl
@@ -68,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/uid.c b/crypto/openssl/crypto/uid.c
index b5b61b76d4e3..4bd283592ca8 100644
--- a/crypto/openssl/crypto/uid.c
+++ b/crypto/openssl/crypto/uid.c
@@ -64,7 +64,7 @@ int OPENSSL_issetugid(void)
return issetugid();
}
-#elif defined(WIN32)
+#elif defined(WIN32) || defined(VXWORKS)
int OPENSSL_issetugid(void)
{
diff --git a/crypto/openssl/crypto/x509/Makefile.ssl b/crypto/openssl/crypto/x509/Makefile.ssl
index bcee4b362348..ef19cdd7c089 100644
--- a/crypto/openssl/crypto/x509/Makefile.ssl
+++ b/crypto/openssl/crypto/x509/Makefile.ssl
@@ -78,7 +78,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c
index 78e9240a8d09..05a3a0293bee 100644
--- a/crypto/openssl/crypto/x509/by_file.c
+++ b/crypto/openssl/crypto/x509/by_file.c
@@ -100,18 +100,19 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
- ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
- X509_FILETYPE_PEM) != 0);
+ file = (char *)Getenv(X509_get_default_cert_file_env());
+ if (file)
+ ok = (X509_load_cert_crl_file(ctx,file,
+ X509_FILETYPE_PEM) != 0);
+
+ if (!ok)
+ ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+ X509_FILETYPE_PEM) != 0);
+
if (!ok)
{
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
}
- else
- {
- file=(char *)Getenv(X509_get_default_cert_file_env());
- ok = (X509_load_cert_crl_file(ctx,file,
- X509_FILETYPE_PEM) != 0);
- }
}
else
{
diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c
index 3f9f9b3d472e..792781009820 100644
--- a/crypto/openssl/crypto/x509/x509_cmp.c
+++ b/crypto/openssl/crypto/x509/x509_cmp.c
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <ctype.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/objects.h>
@@ -157,6 +158,99 @@ int X509_cmp(const X509 *a, const X509 *b)
}
#endif
+
+/* Case insensitive string comparision */
+static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+ int i;
+
+ if (a->length != b->length)
+ return (a->length - b->length);
+
+ for (i=0; i<a->length; i++)
+ {
+ int ca, cb;
+
+ ca = tolower(a->data[i]);
+ cb = tolower(b->data[i]);
+
+ if (ca != cb)
+ return(ca-cb);
+ }
+ return 0;
+}
+
+/* Case insensitive string comparision with space normalization
+ * Space normalization - ignore leading, trailing spaces,
+ * multiple spaces between characters are replaced by single space
+ */
+static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+ unsigned char *pa = NULL, *pb = NULL;
+ int la, lb;
+
+ la = a->length;
+ lb = b->length;
+ pa = a->data;
+ pb = b->data;
+
+ /* skip leading spaces */
+ while (la > 0 && isspace(*pa))
+ {
+ la--;
+ pa++;
+ }
+ while (lb > 0 && isspace(*pb))
+ {
+ lb--;
+ pb++;
+ }
+
+ /* skip trailing spaces */
+ while (la > 0 && isspace(pa[la-1]))
+ la--;
+ while (lb > 0 && isspace(pb[lb-1]))
+ lb--;
+
+ /* compare strings with space normalization */
+ while (la > 0 && lb > 0)
+ {
+ int ca, cb;
+
+ /* compare character */
+ ca = tolower(*pa);
+ cb = tolower(*pb);
+ if (ca != cb)
+ return (ca - cb);
+
+ pa++; pb++;
+ la--; lb--;
+
+ if (la <= 0 || lb <= 0)
+ break;
+
+ /* is white space next character ? */
+ if (isspace(*pa) && isspace(*pb))
+ {
+ /* skip remaining white spaces */
+ while (la > 0 && isspace(*pa))
+ {
+ la--;
+ pa++;
+ }
+ while (lb > 0 && isspace(*pb))
+ {
+ lb--;
+ pb++;
+ }
+ }
+ }
+ if (la > 0 || lb > 0)
+ return la - lb;
+
+ return 0;
+}
+
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int i,j;
@@ -170,10 +264,20 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
na=sk_X509_NAME_ENTRY_value(a->entries,i);
nb=sk_X509_NAME_ENTRY_value(b->entries,i);
- j=na->value->length-nb->value->length;
+ j=na->value->type-nb->value->type;
if (j) return(j);
- j=memcmp(na->value->data,nb->value->data,
- na->value->length);
+ if (na->value->type == V_ASN1_PRINTABLESTRING)
+ j=nocase_spacenorm_cmp(na->value, nb->value);
+ else if (na->value->type == V_ASN1_IA5STRING
+ && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+ j=nocase_cmp(na->value, nb->value);
+ else
+ {
+ j=na->value->length-nb->value->length;
+ if (j) return(j);
+ j=memcmp(na->value->data,nb->value->data,
+ na->value->length);
+ }
if (j) return(j);
j=na->set-nb->set;
if (j) return(j);
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 7a3009224777..9ad9276ff76b 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -567,7 +567,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
{
char *str;
ASN1_TIME atm;
- time_t offset;
+ long offset;
char buff1[24],buff2[24],*p;
int i,j;
diff --git a/crypto/openssl/crypto/x509v3/Makefile.ssl b/crypto/openssl/crypto/x509v3/Makefile.ssl
index 672290a7f93b..c7d00bb8d054 100644
--- a/crypto/openssl/crypto/x509v3/Makefile.ssl
+++ b/crypto/openssl/crypto/x509v3/Makefile.ssl
@@ -72,7 +72,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/demos/selfsign.c b/crypto/openssl/demos/selfsign.c
index 68904c611eac..3d90caaa6463 100644
--- a/crypto/openssl/demos/selfsign.c
+++ b/crypto/openssl/demos/selfsign.c
@@ -106,7 +106,7 @@ int days;
}
rsa=NULL;
- X509_set_version(x,3);
+ X509_set_version(x,2);
ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
X509_gmtime_adj(X509_get_notBefore(x),0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
diff --git a/crypto/openssl/doc/apps/passwd.pod b/crypto/openssl/doc/apps/passwd.pod
index 6e098940c750..d56f0e7a1cd7 100644
--- a/crypto/openssl/doc/apps/passwd.pod
+++ b/crypto/openssl/doc/apps/passwd.pod
@@ -69,7 +69,7 @@ to each password hash.
B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
-B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod
index a3f54f45a30d..ed5c7effb8f8 100644
--- a/crypto/openssl/doc/apps/req.pod
+++ b/crypto/openssl/doc/apps/req.pod
@@ -457,13 +457,13 @@ Sample configuration containing all field values:
The header and footer lines in the B<PEM> format are normally:
- -----BEGIN CERTIFICATE REQUEST----
- -----END CERTIFICATE REQUEST----
+ -----BEGIN CERTIFICATE REQUEST-----
+ -----END CERTIFICATE REQUEST-----
some software (some versions of Netscape certificate server) instead needs:
- -----BEGIN NEW CERTIFICATE REQUEST----
- -----END NEW CERTIFICATE REQUEST----
+ -----BEGIN NEW CERTIFICATE REQUEST-----
+ -----END NEW CERTIFICATE REQUEST-----
which is produced with the B<-newhdr> option but is otherwise compatible.
Either form is accepted transparently on input.
diff --git a/crypto/openssl/doc/apps/smime.pod b/crypto/openssl/doc/apps/smime.pod
index fa5d23e8dc3b..2453dd2738d1 100644
--- a/crypto/openssl/doc/apps/smime.pod
+++ b/crypto/openssl/doc/apps/smime.pod
@@ -340,8 +340,8 @@ detached signature format. You can use this program to verify the
signature by line wrapping the base64 encoded structure and surrounding
it with:
- -----BEGIN PKCS7----
- -----END PKCS7----
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
and using the command,
diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod
index 84f76cb421be..890e7b5f6235 100644
--- a/crypto/openssl/doc/apps/x509.pod
+++ b/crypto/openssl/doc/apps/x509.pod
@@ -321,7 +321,7 @@ The default filename consists of the CA certificate file base name with
".srl" appended. For example if the CA certificate file is called
"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
-=item B<-CAcreateserial filename>
+=item B<-CAcreateserial>
with this option the CA serial number file is created if it does not exist:
it will contain the serial number "02" and the certificate being signed will
@@ -532,25 +532,25 @@ certificate extensions:
Set a certificate to be trusted for SSL client use and change set its alias to
"Steve's Class 1 CA"
- openssl x509 -in cert.pem -addtrust sslclient \
- -alias "Steve's Class 1 CA" -out trust.pem
+ openssl x509 -in cert.pem -addtrust clientAuth \
+ -setalias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
The PEM format uses the header and footer lines:
- -----BEGIN CERTIFICATE----
- -----END CERTIFICATE----
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
it will also handle files containing:
- -----BEGIN X509 CERTIFICATE----
- -----END X509 CERTIFICATE----
+ -----BEGIN X509 CERTIFICATE-----
+ -----END X509 CERTIFICATE-----
Trusted certificates have the lines
- -----BEGIN TRUSTED CERTIFICATE----
- -----END TRUSTED CERTIFICATE----
+ -----BEGIN TRUSTED CERTIFICATE-----
+ -----END TRUSTED CERTIFICATE-----
The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO8859-1 character set. This is wrong but Netscape
diff --git a/crypto/openssl/doc/c-indentation.el b/crypto/openssl/doc/c-indentation.el
index 48ca3cf69b30..cbf01cb1720a 100644
--- a/crypto/openssl/doc/c-indentation.el
+++ b/crypto/openssl/doc/c-indentation.el
@@ -13,12 +13,10 @@
;
; Apparently statement blocks that are not introduced by a statement
; such as "if" and that are not the body of a function cannot
-; be handled too well by CC mode with this indentation style.
-; The style defined below does not indent them at all.
-; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
-; command of Emacs). If you know a solution to this problem
-; or find other problems with this indentation style definition,
-; please send e-mail to bodo@openssl.org.
+; be handled too well by CC mode with this indentation style,
+; so you have to indent them manually (you can use C-q tab).
+;
+; For suggesting improvements, please send e-mail to bodo@openssl.org.
(c-add-style "eay"
'((c-basic-offset . 8)
diff --git a/crypto/openssl/doc/crypto/BN_CTX_new.pod b/crypto/openssl/doc/crypto/BN_CTX_new.pod
index c94d8c610da5..ad8d07db89af 100644
--- a/crypto/openssl/doc/crypto/BN_CTX_new.pod
+++ b/crypto/openssl/doc/crypto/BN_CTX_new.pod
@@ -42,7 +42,7 @@ BN_CTX_init() and BN_CTX_free() have no return values.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_start(3)|BN_CTX_start(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_add.pod b/crypto/openssl/doc/crypto/BN_add.pod
index 0541d4564352..7baed2d4920e 100644
--- a/crypto/openssl/doc/crypto/BN_add.pod
+++ b/crypto/openssl/doc/crypto/BN_add.pod
@@ -86,7 +86,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_add_word.pod b/crypto/openssl/doc/crypto/BN_add_word.pod
index 66bedfb92442..94244adea4cd 100644
--- a/crypto/openssl/doc/crypto/BN_add_word.pod
+++ b/crypto/openssl/doc/crypto/BN_add_word.pod
@@ -46,7 +46,7 @@ BN_mod_word() and BN_div_word() return B<a>%B<w>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_bn2bin.pod b/crypto/openssl/doc/crypto/BN_bn2bin.pod
index b62d1af0ff6d..a4b17ca60a89 100644
--- a/crypto/openssl/doc/crypto/BN_bn2bin.pod
+++ b/crypto/openssl/doc/crypto/BN_bn2bin.pod
@@ -80,7 +80,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
L<BN_num_bytes(3)|BN_num_bytes(3)>
diff --git a/crypto/openssl/doc/crypto/BN_copy.pod b/crypto/openssl/doc/crypto/BN_copy.pod
index 8ad25e7834f6..388dd7df2653 100644
--- a/crypto/openssl/doc/crypto/BN_copy.pod
+++ b/crypto/openssl/doc/crypto/BN_copy.pod
@@ -25,7 +25,7 @@ by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_generate_prime.pod b/crypto/openssl/doc/crypto/BN_generate_prime.pod
index 638f6514ee8a..7dccacbc1e55 100644
--- a/crypto/openssl/doc/crypto/BN_generate_prime.pod
+++ b/crypto/openssl/doc/crypto/BN_generate_prime.pod
@@ -70,7 +70,7 @@ If B<do_trial_division == 0>, this test is skipped.
Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
probabilistic primality test with B<checks> iterations. If
-B<checks == BN_prime_check>, a number of iterations is used that
+B<checks == BN_prime_checks>, a number of iterations is used that
yields a false positive rate of at most 2^-80 for random input.
If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
@@ -90,7 +90,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_mod_inverse.pod b/crypto/openssl/doc/crypto/BN_mod_inverse.pod
index 49e62daf9f2e..3ea3975c7422 100644
--- a/crypto/openssl/doc/crypto/BN_mod_inverse.pod
+++ b/crypto/openssl/doc/crypto/BN_mod_inverse.pod
@@ -27,7 +27,7 @@ NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_err
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod b/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
index 0b8ab512df87..f3cee924b93a 100644
--- a/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
+++ b/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
@@ -81,7 +81,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod b/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
index a28925f8a93a..74a216ddc2ad 100644
--- a/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
+++ b/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -69,7 +69,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_new(3)|BN_CTX_new(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_new.pod b/crypto/openssl/doc/crypto/BN_new.pod
index c1394ff2a37d..3033789c5147 100644
--- a/crypto/openssl/doc/crypto/BN_new.pod
+++ b/crypto/openssl/doc/crypto/BN_new.pod
@@ -42,7 +42,7 @@ values.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/BN_rand.pod b/crypto/openssl/doc/crypto/BN_rand.pod
index 9cec238f9e24..81f93c2eb3a4 100644
--- a/crypto/openssl/doc/crypto/BN_rand.pod
+++ b/crypto/openssl/doc/crypto/BN_rand.pod
@@ -45,7 +45,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DH_generate_key.pod b/crypto/openssl/doc/crypto/DH_generate_key.pod
index 920995b2e5aa..81f09fdf45ea 100644
--- a/crypto/openssl/doc/crypto/DH_generate_key.pod
+++ b/crypto/openssl/doc/crypto/DH_generate_key.pod
@@ -40,7 +40,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DH_generate_parameters.pod b/crypto/openssl/doc/crypto/DH_generate_parameters.pod
index a7d0c75f0cb3..9081e9ea7cf9 100644
--- a/crypto/openssl/doc/crypto/DH_generate_parameters.pod
+++ b/crypto/openssl/doc/crypto/DH_generate_parameters.pod
@@ -59,7 +59,8 @@ a usable generator.
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DH_free(3)|DH_free(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DH_new.pod b/crypto/openssl/doc/crypto/DH_new.pod
index 64624b9d1560..60c930093e02 100644
--- a/crypto/openssl/doc/crypto/DH_new.pod
+++ b/crypto/openssl/doc/crypto/DH_new.pod
@@ -29,7 +29,7 @@ DH_free() returns no value.
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
L<DH_generate_key(3)|DH_generate_key(3)>
diff --git a/crypto/openssl/doc/crypto/DSA_SIG_new.pod b/crypto/openssl/doc/crypto/DSA_SIG_new.pod
index 671655554a53..3ac614003816 100644
--- a/crypto/openssl/doc/crypto/DSA_SIG_new.pod
+++ b/crypto/openssl/doc/crypto/DSA_SIG_new.pod
@@ -30,7 +30,8 @@ DSA_SIG_free() returns no value.
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DSA_do_sign.pod b/crypto/openssl/doc/crypto/DSA_do_sign.pod
index a24fd5714efe..5dfc733b20e2 100644
--- a/crypto/openssl/doc/crypto/DSA_do_sign.pod
+++ b/crypto/openssl/doc/crypto/DSA_do_sign.pod
@@ -36,7 +36,7 @@ L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
L<DSA_sign(3)|DSA_sign(3)>
diff --git a/crypto/openssl/doc/crypto/DSA_dup_DH.pod b/crypto/openssl/doc/crypto/DSA_dup_DH.pod
index 29cb1075d110..695f99a13b19 100644
--- a/crypto/openssl/doc/crypto/DSA_dup_DH.pod
+++ b/crypto/openssl/doc/crypto/DSA_dup_DH.pod
@@ -27,7 +27,7 @@ Be careful to avoid small subgroup attacks when using this.
=head1 SEE ALSO
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DSA_generate_key.pod b/crypto/openssl/doc/crypto/DSA_generate_key.pod
index 52890db5be20..af83ccfaa16b 100644
--- a/crypto/openssl/doc/crypto/DSA_generate_key.pod
+++ b/crypto/openssl/doc/crypto/DSA_generate_key.pod
@@ -24,7 +24,8 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
index 43f60b0eb955..be7c924ff8f9 100644
--- a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
+++ b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
@@ -90,7 +90,7 @@ Seed lengths E<gt> 20 are not supported.
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_free(3)|DSA_free(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/DSA_new.pod b/crypto/openssl/doc/crypto/DSA_new.pod
index 7dde54445b75..301af912dd53 100644
--- a/crypto/openssl/doc/crypto/DSA_new.pod
+++ b/crypto/openssl/doc/crypto/DSA_new.pod
@@ -30,7 +30,7 @@ DSA_free() returns no value.
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
L<DSA_generate_key(3)|DSA_generate_key(3)>
diff --git a/crypto/openssl/doc/crypto/DSA_sign.pod b/crypto/openssl/doc/crypto/DSA_sign.pod
index f6e60a8ca32e..97389e8ec885 100644
--- a/crypto/openssl/doc/crypto/DSA_sign.pod
+++ b/crypto/openssl/doc/crypto/DSA_sign.pod
@@ -55,7 +55,7 @@ Standard, DSS), ANSI X9.30
=head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/EVP_SealInit.pod b/crypto/openssl/doc/crypto/EVP_SealInit.pod
index 0451eb648a39..7cd12491cda0 100644
--- a/crypto/openssl/doc/crypto/EVP_SealInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_SealInit.pod
@@ -12,7 +12,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
- int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl);
=head1 DESCRIPTION
@@ -43,8 +43,7 @@ page.
EVP_SealInit() returns 0 on error or B<npubk> if successful.
-EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
-failure.
+EVP_SealUpdate() returns 1 for success and 0 for failure.
=head1 NOTES
diff --git a/crypto/openssl/doc/crypto/RAND_bytes.pod b/crypto/openssl/doc/crypto/RAND_bytes.pod
index b6ebd5052788..ce6329ce54af 100644
--- a/crypto/openssl/doc/crypto/RAND_bytes.pod
+++ b/crypto/openssl/doc/crypto/RAND_bytes.pod
@@ -35,7 +35,8 @@ method.
=head1 SEE ALSO
-L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<RAND_add(3)|RAND_add(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/RSA_check_key.pod b/crypto/openssl/doc/crypto/RSA_check_key.pod
index 8a42d2e0d47e..f476a56ac8ea 100644
--- a/crypto/openssl/doc/crypto/RSA_check_key.pod
+++ b/crypto/openssl/doc/crypto/RSA_check_key.pod
@@ -39,7 +39,7 @@ key data too.
=head1 SEE ALSO
-L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/RSA_generate_key.pod b/crypto/openssl/doc/crypto/RSA_generate_key.pod
index 8714f7179d65..52dbb14a537d 100644
--- a/crypto/openssl/doc/crypto/RSA_generate_key.pod
+++ b/crypto/openssl/doc/crypto/RSA_generate_key.pod
@@ -59,7 +59,8 @@ RSA_generate_key() goes into an infinite loop for illegal input values.
=head1 SEE ALSO
-L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_free(3)|RSA_free(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/RSA_print.pod b/crypto/openssl/doc/crypto/RSA_print.pod
index 67876facc5df..e28d107d1c6e 100644
--- a/crypto/openssl/doc/crypto/RSA_print.pod
+++ b/crypto/openssl/doc/crypto/RSA_print.pod
@@ -2,9 +2,9 @@
=head1 NAME
-RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
-DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
-parameters
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp - print cryptographic parameters
=head1 SYNOPSIS
diff --git a/crypto/openssl/doc/crypto/RSA_private_encrypt.pod b/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
index 6861a98a109a..746a80c79ea0 100644
--- a/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
+++ b/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
@@ -59,7 +59,8 @@ obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
-L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
index 02edb7aa756f..9ae5f93152f9 100644
--- a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
+++ b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
@@ -72,7 +72,8 @@ SSL, PKCS #1 v2.0
=head1 SEE ALSO
-L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_size(3)|RSA_size(3)>
=head1 NOTES
diff --git a/crypto/openssl/doc/crypto/RSA_sign.pod b/crypto/openssl/doc/crypto/RSA_sign.pod
index f0bf6eea1b35..71688a665e13 100644
--- a/crypto/openssl/doc/crypto/RSA_sign.pod
+++ b/crypto/openssl/doc/crypto/RSA_sign.pod
@@ -50,8 +50,8 @@ SSL, PKCS #1 v2.0
=head1 SEE ALSO
-L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
index df9ceb339a63..e70380bbfc96 100644
--- a/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+++ b/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -47,8 +47,8 @@ These functions serve no recognizable purpose.
=head1 SEE ALSO
-L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
L<RSA_verify(3)|RSA_verify(3)>
=head1 HISTORY
diff --git a/crypto/openssl/doc/openssl.txt b/crypto/openssl/doc/openssl.txt
index 5da519e7e465..432a17b66cf8 100644
--- a/crypto/openssl/doc/openssl.txt
+++ b/crypto/openssl/doc/openssl.txt
@@ -344,7 +344,7 @@ the extension.
Examples:
-subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
subjectAltName=email:my@other.address,RID:1.2.3.4
Issuer Alternative Name.
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod b/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
index af326c2f7340..82676b26b239 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
@@ -37,6 +37,14 @@ removed and replaced by the new session. If the session is actually
identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
is a no-op, and the return value is 0.
+If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
+flag then the internal cache will not be populated automatically by new
+sessions negotiated by the SSL/TLS implementation, even though the internal
+cache will be searched automatically for session-resume requests (the
+latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
+application can use SSL_CTX_add_session() directly to have full control
+over the sessions that can be resumed if desired.
+
=head1 RETURN VALUES
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
index 9aa6c6b2e393..c5d2f43dff15 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -26,12 +26,14 @@ SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
object.
In order to reuse a session, a client must send the session's id to the
-server. It can only send exactly one id. The server then decides whether it
-agrees in reusing the session or starts the handshake for a new session.
+server. It can only send exactly one id. The server then either
+agrees to reuse the session or it starts a full handshake (to create a new
+session).
-A server will lookup up the session in its internal session storage. If
-the session is not found in internal storage or internal storage is
-deactivated, the server will try the external storage if available.
+A server will lookup up the session in its internal session storage. If the
+session is not found in internal storage or lookups for the internal storage
+have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+the external storage if available.
Since a client may try to reuse a session intended for use in a different
context, the session id context must be set by the server (see
@@ -57,9 +59,10 @@ function. This option is not activated by default.
=item SSL_SESS_CACHE_SERVER
Server sessions are added to the session cache. When a client proposes a
-session to be reused, the session is looked up in the internal session cache.
-If the session is found, the server will try to reuse the session.
-This is the default.
+session to be reused, the server looks for the corresponding session in (first)
+the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+then (second) in the external cache if available. If the session is found, the
+server will try to reuse the session. This is the default.
=item SSL_SESS_CACHE_BOTH
@@ -77,12 +80,32 @@ explicitly by the application.
=item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-By setting this flag sessions are cached in the internal storage but
-they are not looked up automatically. If an external session cache
-is enabled, sessions are looked up in the external cache. As automatic
-lookup only applies for SSL/TLS servers, the flag has no effect on
+By setting this flag, session-resume operations in an SSL/TLS server will not
+automatically look up sessions in the internal cache, even if sessions are
+automatically stored there. If external session caching callbacks are in use,
+this flag guarantees that all lookups are directed to the external cache.
+As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
clients.
+=item SSL_SESS_CACHE_NO_INTERNAL_STORE
+
+Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
+sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
+Normally a new session is added to the internal cache as well as any external
+session caching (callback) that is configured for the SSL_CTX. This flag will
+prevent sessions being stored in the internal cache (though the application can
+add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
+in any SSL/TLS servers where external caching is configured, any successful
+session lookups in the external cache (ie. for session-resume requests) would
+normally be copied into the local cache before processing continues - this flag
+prevents these additions to the internal cache as well.
+
+=item SSL_SESS_CACHE_NO_INTERNAL
+
+Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
+SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
+
+
=back
The default mode is SSL_SESS_CACHE_SERVER.
@@ -98,6 +121,7 @@ SSL_CTX_get_session_cache_mode() returns the currently set cache mode.
L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
@@ -105,4 +129,9 @@ L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+=head1 HISTORY
+
+SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
+were introduced in OpenSSL 0.9.6h.
+
=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
index 5bb21ca53570..d15b2a3a1a5b 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
@@ -235,7 +235,7 @@ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
* At this point, err contains the last verification error. We can use
* it for something special
*/
- if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+ if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
{
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
printf("issuer= %s\n", buf);
diff --git a/crypto/openssl/doc/ssl/ssl.pod b/crypto/openssl/doc/ssl/ssl.pod
index 2dcee0385a40..8c4970491c22 100644
--- a/crypto/openssl/doc/ssl/ssl.pod
+++ b/crypto/openssl/doc/ssl/ssl.pod
@@ -347,7 +347,7 @@ appropriate size (using ???) and return it.
long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
-The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
session instead of a context.
=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
index d49c6ef7e739..58df717722c4 100644
--- a/crypto/openssl/e_os.h
+++ b/crypto/openssl/e_os.h
@@ -219,10 +219,11 @@ extern "C" {
# define _kbhit kbhit
# endif
-# if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
-# define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+# if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+# define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
# else
-# define EXIT(n) return(n);
+# define EXIT(n) return(n)
# endif
# define LIST_SEPARATOR_CHAR ';'
# ifndef X_OK
@@ -275,18 +276,13 @@ extern "C" {
the status is tagged as an error, which I believe is what is wanted here.
-- Richard Levitte
*/
-# if !defined(MONOLITH) || defined(OPENSSL_C)
-# define EXIT(n) do { int __VMS_EXIT = n; \
+# define EXIT(n) do { int __VMS_EXIT = n; \
if (__VMS_EXIT == 0) \
__VMS_EXIT = 1; \
else \
__VMS_EXIT = (n << 3) | 2; \
__VMS_EXIT |= 0x10000000; \
- exit(__VMS_EXIT); \
- return(__VMS_EXIT); } while(0)
-# else
-# define EXIT(n) return(n)
-# endif
+ exit(__VMS_EXIT); } while(0)
# define NO_SYS_PARAM_H
# else
/* !defined VMS */
@@ -317,11 +313,7 @@ extern "C" {
# define RFILE ".rnd"
# define LIST_SEPARATOR_CHAR ':'
# define NUL_DEV "/dev/null"
-# ifndef MONOLITH
-# define EXIT(n) exit(n); return(n)
-# else
-# define EXIT(n) return(n)
-# endif
+# define EXIT(n) exit(n)
# endif
# define SSLeay_getpid() getpid()
@@ -441,6 +433,14 @@ extern char *sys_errlist[]; extern int sys_nerr;
(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
#endif
+#ifndef OPENSSL_EXIT
+# if defined(MONOLITH) && !defined(OPENSSL_C)
+# define OPENSSL_EXIT(n) return(n)
+# else
+# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
+# endif
+#endif
+
/***********************************************/
/* do we need to do this for getenv.
diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec
index 9bd9edb4b0e9..c3ca2610e4ad 100644
--- a/crypto/openssl/openssl.spec
+++ b/crypto/openssl/openssl.spec
@@ -1,7 +1,7 @@
%define libmaj 0
%define libmin 9
%define librel 6
-%define librev g
+%define librev i
Release: 1
%define openssldir /var/ssl
diff --git a/crypto/openssl/ssl/Makefile.ssl b/crypto/openssl/ssl/Makefile.ssl
index 4b8053ace67c..c25e6c8ea1af 100644
--- a/crypto/openssl/ssl/Makefile.ssl
+++ b/crypto/openssl/ssl/Makefile.ssl
@@ -84,7 +84,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c
index 4a7aff59ad94..8c198d44b30b 100644
--- a/crypto/openssl/ssl/s23_clnt.c
+++ b/crypto/openssl/ssl/s23_clnt.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
#include <stdio.h>
@@ -89,18 +87,25 @@ SSL_METHOD *SSLv23_client_method(void)
if (init)
{
- memcpy((char *)&SSLv23_client_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_client_data.ssl_connect=ssl23_connect;
- SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv23_client_data,
+ (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+ SSLv23_client_data.ssl_connect=ssl23_connect;
+ SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_client_data);
}
int ssl23_connect(SSL *s)
{
- BUF_MEM *buf;
+ BUF_MEM *buf=NULL;
unsigned long Time=time(NULL);
void (*cb)()=NULL;
int ret= -1;
@@ -154,6 +159,7 @@ int ssl23_connect(SSL *s)
goto end;
}
s->init_buf=buf;
+ buf=NULL;
}
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -202,6 +208,8 @@ int ssl23_connect(SSL *s)
}
end:
s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
diff --git a/crypto/openssl/ssl/s23_lib.c b/crypto/openssl/ssl/s23_lib.c
index fe7e2d117363..ad2d8dadf755 100644
--- a/crypto/openssl/ssl/s23_lib.c
+++ b/crypto/openssl/ssl/s23_lib.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
#include <stdio.h>
diff --git a/crypto/openssl/ssl/s23_meth.c b/crypto/openssl/ssl/s23_meth.c
index 40684311db30..f207140835f8 100644
--- a/crypto/openssl/ssl/s23_meth.c
+++ b/crypto/openssl/ssl/s23_meth.c
@@ -80,12 +80,19 @@ SSL_METHOD *SSLv23_method(void)
if (init)
{
- memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
- sizeof(SSL_METHOD));
- SSLv23_data.ssl_connect=ssl23_connect;
- SSLv23_data.ssl_accept=ssl23_accept;
- SSLv23_data.get_ssl_method=ssl23_get_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+ sizeof(SSL_METHOD));
+ SSLv23_data.ssl_connect=ssl23_connect;
+ SSLv23_data.ssl_accept=ssl23_accept;
+ SSLv23_data.get_ssl_method=ssl23_get_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_data);
}
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
index b93f315bedab..40ffb65efd0a 100644
--- a/crypto/openssl/ssl/s23_srvr.c
+++ b/crypto/openssl/ssl/s23_srvr.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
@@ -141,11 +139,18 @@ SSL_METHOD *SSLv23_server_method(void)
if (init)
{
- memcpy((char *)&SSLv23_server_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_server_data.ssl_accept=ssl23_accept;
- SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv23_server_data,
+ (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+ SSLv23_server_data.ssl_accept=ssl23_accept;
+ SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_server_data);
}
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 82b70c780e67..61adfcf199e2 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -107,7 +107,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
- * $FreeBSD$
*/
#include "ssl_locl.h"
@@ -146,11 +145,18 @@ SSL_METHOD *SSLv2_client_method(void)
if (init)
{
- memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_client_data.ssl_connect=ssl2_connect;
- SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+ sizeof(SSL_METHOD));
+ SSLv2_client_data.ssl_connect=ssl2_connect;
+ SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_client_data);
}
@@ -202,10 +208,13 @@ int ssl2_connect(SSL *s)
if (!BUF_MEM_grow(buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
+ if (buf == s->init_buf)
+ buf=NULL;
ret= -1;
goto end;
}
s->init_buf=buf;
+ buf=NULL;
s->init_num=0;
s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
s->ctx->stats.sess_connect++;
@@ -332,6 +341,8 @@ int ssl2_connect(SSL *s)
}
end:
s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
@@ -746,8 +757,8 @@ static int client_certificate(SSL *s)
if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
{
i=ssl2_read(s,(char *)&(buf[s->init_num]),
- SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
- if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+ SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+ if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
s->init_num += i;
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
index 3917efb4ae7b..8e5975cdc82f 100644
--- a/crypto/openssl/ssl/s2_enc.c
+++ b/crypto/openssl/ssl/s2_enc.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
#include "ssl_locl.h"
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
index 64c6575c47c7..bc4113cd6811 100644
--- a/crypto/openssl/ssl/s2_lib.c
+++ b/crypto/openssl/ssl/s2_lib.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
#include "ssl_locl.h"
@@ -309,7 +307,7 @@ void ssl2_free(SSL *s)
s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- memset(s2,0,sizeof *s2);
+ OPENSSL_cleanse(s2,sizeof *s2);
OPENSSL_free(s2);
s->s2=NULL;
}
@@ -378,15 +376,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- for (i=0; i<SSL2_NUM_CIPHERS; i++)
- sorted[i]= &(ssl2_ciphers[i]);
+ if (init)
+ {
+ for (i=0; i<SSL2_NUM_CIPHERS; i++)
+ sorted[i]= &(ssl2_ciphers[i]);
- qsort( (char *)sorted,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
+ qsort((char *)sorted,
+ SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+ FP_ICC ssl_cipher_ptr_id_cmp);
+ init=0;
+ }
+
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- init=0;
}
id=0x02000000L|((unsigned long)p[0]<<16L)|
diff --git a/crypto/openssl/ssl/s2_meth.c b/crypto/openssl/ssl/s2_meth.c
index 01cc05ff51f6..4483572fcec9 100644
--- a/crypto/openssl/ssl/s2_meth.c
+++ b/crypto/openssl/ssl/s2_meth.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
#include "ssl_locl.h"
@@ -79,12 +77,19 @@ SSL_METHOD *SSLv2_method(void)
if (init)
{
- memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_data.ssl_connect=ssl2_connect;
- SSLv2_data.ssl_accept=ssl2_accept;
- SSLv2_data.get_ssl_method=ssl2_get_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+ sizeof(SSL_METHOD));
+ SSLv2_data.ssl_connect=ssl2_connect;
+ SSLv2_data.ssl_accept=ssl2_accept;
+ SSLv2_data.get_ssl_method=ssl2_get_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_data);
}
diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
index 067d9dfa68b4..3cd7597fe700 100644
--- a/crypto/openssl/ssl/s2_pkt.c
+++ b/crypto/openssl/ssl/s2_pkt.c
@@ -107,7 +107,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
- * $FreeBSD$
*/
#include "ssl_locl.h"
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index 32519a7c5da5..4ba8fb6534d5 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -107,7 +107,6 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
- * $FreeBSD$
*/
#include "ssl_locl.h"
@@ -146,11 +145,18 @@ SSL_METHOD *SSLv2_server_method(void)
if (init)
{
- memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
- sizeof(SSL_METHOD));
- SSLv2_server_data.ssl_accept=ssl2_accept;
- SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+ sizeof(SSL_METHOD));
+ SSLv2_server_data.ssl_accept=ssl2_accept;
+ SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_server_data);
}
@@ -1002,7 +1008,7 @@ static int request_certificate(SSL *s)
len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+ SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
goto end;
}
j = (int)len - s->init_num;
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index 32b9cea1cabf..60c97ee62940 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -146,18 +146,25 @@ SSL_METHOD *SSLv3_client_method(void)
if (init)
{
- init=0;
- memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_client_data.ssl_connect=ssl3_connect;
- SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+ sizeof(SSL_METHOD));
+ SSLv3_client_data.ssl_connect=ssl3_connect;
+ SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_client_data);
}
int ssl3_connect(SSL *s)
{
- BUF_MEM *buf;
+ BUF_MEM *buf=NULL;
unsigned long Time=time(NULL),l;
long num1;
void (*cb)()=NULL;
@@ -218,6 +225,7 @@ int ssl3_connect(SSL *s)
goto end;
}
s->init_buf=buf;
+ buf=NULL;
}
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@@ -496,6 +504,8 @@ int ssl3_connect(SSL *s)
}
end:
s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
@@ -632,23 +642,11 @@ static int ssl3_get_server_hello(SSL *s)
/* get the session-id */
j= *(p++);
- if(j > sizeof s->session->session_id)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
- }
-
- if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+ if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
{
- /* SSLref returns 16 :-( */
- if (j < SSL2_SSL_SESSION_ID_LENGTH)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
- goto f_err;
- }
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
}
if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
@@ -656,6 +654,7 @@ static int ssl3_get_server_hello(SSL *s)
if(s->sid_ctx_length != s->session->sid_ctx_length
|| memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
{
+ /* actually a client application bug */
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
@@ -699,7 +698,12 @@ static int ssl3_get_server_hello(SSL *s)
goto f_err;
}
- if (s->hit && (s->session->cipher != c))
+ /* Depending on the session caching (internal/external), the cipher
+ and/or cipher_id values may not be set. Make sure that
+ cipher_id is set and use it for comparison. */
+ if (s->session->cipher)
+ s->session->cipher_id = s->session->cipher->id;
+ if (s->hit && (s->session->cipher_id != c->id))
{
if (!(s->options &
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
@@ -1460,7 +1464,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
- memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+ OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
}
else
#endif
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 79fa4f97c24f..bbadac0d3705 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -174,7 +174,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
km+=MD5_DIGEST_LENGTH;
}
- memset(smd,0,SHA_DIGEST_LENGTH);
+ OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
}
int ssl3_change_cipher_state(SSL *s, int which)
@@ -318,8 +318,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
- memset(&(exp_key[0]),0,sizeof(exp_key));
- memset(&(exp_iv[0]),0,sizeof(exp_iv));
+ OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+ OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
return(1);
err:
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -390,7 +390,7 @@ void ssl3_cleanup_key_block(SSL *s)
{
if (s->s3->tmp.key_block != NULL)
{
- memset(s->s3->tmp.key_block,0,
+ OPENSSL_cleanse(s->s3->tmp.key_block,
s->s3->tmp.key_block_length);
OPENSSL_free(s->s3->tmp.key_block);
s->s3->tmp.key_block=NULL;
@@ -456,6 +456,7 @@ int ssl3_enc(SSL *s, int send)
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0;
}
+ /* otherwise, rec->length >= bs */
}
EVP_Cipher(ds,rec->data,rec->input,l);
@@ -464,7 +465,7 @@ int ssl3_enc(SSL *s, int send)
{
i=rec->data[l-1]+1;
/* SSL 3.0 bounds the number of padding bytes by the block size;
- * padding bytes (except that last) are arbitrary */
+ * padding bytes (except the last one) are arbitrary */
if (i > bs)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
@@ -473,6 +474,7 @@ int ssl3_enc(SSL *s, int send)
* (see http://www.openssl.org/~bodo/tls-cbc.txt) */
return -1;
}
+ /* now i <= bs <= rec->length */
rec->length-=i;
}
}
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 9951ebb4191e..fb8ce5e2e318 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -732,7 +732,7 @@ void ssl3_free(SSL *s)
#endif
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- memset(s->s3,0,sizeof *s->s3);
+ OPENSSL_cleanse(s->s3,sizeof *s->s3);
OPENSSL_free(s->s3);
s->s3=NULL;
}
@@ -1084,16 +1084,19 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- for (i=0; i<SSL3_NUM_CIPHERS; i++)
- sorted[i]= &(ssl3_ciphers[i]);
+ if (init)
+ {
+ for (i=0; i<SSL3_NUM_CIPHERS; i++)
+ sorted[i]= &(ssl3_ciphers[i]);
- qsort( (char *)sorted,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
- FP_ICC ssl_cipher_ptr_id_cmp);
+ qsort(sorted,
+ SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+ FP_ICC ssl_cipher_ptr_id_cmp);
+ init=0;
+ }
+
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
- init=0;
}
id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
diff --git a/crypto/openssl/ssl/s3_meth.c b/crypto/openssl/ssl/s3_meth.c
index 81bcad89c52f..1fd7a96f87ba 100644
--- a/crypto/openssl/ssl/s3_meth.c
+++ b/crypto/openssl/ssl/s3_meth.c
@@ -76,12 +76,19 @@ SSL_METHOD *SSLv3_method(void)
if (init)
{
- memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_data.ssl_connect=ssl3_connect;
- SSLv3_data.ssl_accept=ssl3_accept;
- SSLv3_data.get_ssl_method=ssl3_get_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+ sizeof(SSL_METHOD));
+ SSLv3_data.ssl_connect=ssl3_connect;
+ SSLv3_data.ssl_accept=ssl3_accept;
+ SSLv3_data.get_ssl_method=ssl3_get_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_data);
}
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index f52303c7c3e0..caf975d68880 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -238,6 +238,8 @@ static int ssl3_get_record(SSL *s)
unsigned int mac_size;
int clear=0;
size_t extra;
+ int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
rr= &(s->s3->rrec);
sess=s->session;
@@ -353,8 +355,11 @@ again:
/* SSLerr() and ssl3_send_alert() have been called */
goto err;
- /* otherwise enc_err == -1 */
- goto decryption_failed_or_bad_record_mac;
+ /* Otherwise enc_err == -1, which indicates bad padding
+ * (rec->length has not been changed in this case).
+ * To minimize information leaked via timing, we will perform
+ * the MAC computation anyway. */
+ decryption_failed_or_bad_record_mac = 1;
}
#ifdef TLS_DEBUG
@@ -380,28 +385,46 @@ printf("\n");
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ decryption_failed_or_bad_record_mac = 1;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
+ if (rr->length >= mac_size)
{
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
+ }
+ else
+ {
+ /* record (minus padding) is too short to contain a MAC */
#if 0 /* OK only for stream ciphers */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ decryption_failed_or_bad_record_mac = 1;
+ rr->length = 0;
#endif
}
- rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0);
- if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ if (mac == NULL || memcmp(md, mac, mac_size) != 0)
{
- goto decryption_failed_or_bad_record_mac;
+ decryption_failed_or_bad_record_mac = 1;
}
}
+ if (decryption_failed_or_bad_record_mac)
+ {
+ /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+ * failure is directly visible from the ciphertext anyway,
+ * we should not reveal which kind of error occured -- this
+ * might become visible to an attacker (e.g. via a logfile) */
+ al=SSL_AD_BAD_RECORD_MAC;
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ goto f_err;
+ }
+
/* r->length is now just compressed */
if (s->expand != NULL)
{
@@ -443,14 +466,6 @@ printf("\n");
return(1);
-decryption_failed_or_bad_record_mac:
- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index fe1e6890142b..6b414cfa5c8b 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -151,11 +151,18 @@ SSL_METHOD *SSLv3_server_method(void)
if (init)
{
- memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
- sizeof(SSL_METHOD));
- SSLv3_server_data.ssl_accept=ssl3_accept;
- SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+ sizeof(SSL_METHOD));
+ SSLv3_server_data.ssl_accept=ssl3_accept;
+ SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv3_server_data);
}
@@ -1464,7 +1471,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
p,i);
- memset(p,0,i);
+ OPENSSL_cleanse(p,i);
}
else
#endif
@@ -1527,7 +1534,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,p,i);
- memset(p,0,i);
+ OPENSSL_cleanse(p,i);
}
else
#endif
@@ -1559,7 +1566,7 @@ static int ssl3_get_cert_verify(SSL *s)
SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B,
-1,
- 512, /* 512? */
+ 514, /* 514? */
&ok);
if (!ok) return((int)n);
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index 3eecead605c9..ed2eae96e3a1 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -551,10 +551,11 @@ struct ssl_ctx_st
#define SSL_SESS_CACHE_SERVER 0x0002
#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
-/* This one, when set, makes the server session-id lookup not look
- * in the cache. If there is an application get_session callback
- * defined, this will still get called. */
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
+#define SSL_SESS_CACHE_NO_INTERNAL \
+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
#define SSL_CTX_sess_number(ctx) \
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 4f84a3476da0..6bc3d4d70ea9 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -1245,13 +1245,24 @@ void SSL_CTX_free(SSL_CTX *a)
abort(); /* ok */
}
#endif
+
+ /*
+ * Free internal session cache. However: the remove_cb() may reference
+ * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+ * after the sessions were flushed.
+ * As the ex_data handling routines might also touch the session cache,
+ * the most secure solution seems to be: empty (flush) the cache, then
+ * free ex_data, then finally free the cache.
+ * (See ticket [openssl.org #212].)
+ */
+ if (a->sessions != NULL)
+ SSL_CTX_flush_sessions(a,0);
+
CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
if (a->sessions != NULL)
- {
- SSL_CTX_flush_sessions(a,0);
- lh_free(a->sessions);
- }
+ lh_free(a->sessions);
+
if (a->cert_store != NULL)
X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
@@ -1472,7 +1483,7 @@ void ssl_update_cache(SSL *s,int mode)
i=s->ctx->session_cache_mode;
if ((i & mode) && (!s->hit)
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+ && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
|| SSL_CTX_add_session(s->ctx,s->session))
&& (s->ctx->new_session_cb != NULL))
{
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
index 2f2d5bc27f7c..a8668e42e640 100644
--- a/crypto/openssl/ssl/ssl_sess.c
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -258,9 +258,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
if (copy)
CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
- /* The following should not return 1, otherwise,
- * things are very strange */
- SSL_CTX_add_session(s->ctx,ret);
+ /* Add the externally cached session to the internal
+ * cache as well if and only if we are supposed to. */
+ if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ /* The following should not return 1, otherwise,
+ * things are very strange */
+ SSL_CTX_add_session(s->ctx,ret);
}
if (ret == NULL)
goto err;
@@ -474,13 +477,13 @@ void SSL_SESSION_free(SSL_SESSION *ss)
CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
- memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
- memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
- memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+ OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
+ OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
+ OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
- memset(ss,0,sizeof(*ss));
+ OPENSSL_cleanse(ss,sizeof(*ss));
OPENSSL_free(ss);
}
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
index 5f91ed19c737..3de9663e51ae 100644
--- a/crypto/openssl/ssl/ssltest.c
+++ b/crypto/openssl/ssl/ssltest.c
@@ -224,12 +224,13 @@ int main(int argc, char *argv[])
verbose = 0;
debug = 0;
cipher = 0;
-
+
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
RAND_seed(rnd_seed, sizeof rnd_seed);
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
argc--;
@@ -247,12 +248,22 @@ int main(int argc, char *argv[])
debug=1;
else if (strcmp(*argv,"-reuse") == 0)
reuse=1;
-#ifndef NO_DH
else if (strcmp(*argv,"-dhe1024") == 0)
+ {
+#ifndef NO_DH
dhe1024=1;
+#else
+ fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+#endif
+ }
else if (strcmp(*argv,"-dhe1024dsa") == 0)
+ {
+#ifndef NO_DH
dhe1024dsa=1;
+#else
+ fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
#endif
+ }
else if (strcmp(*argv,"-no_dhe") == 0)
no_dhe=1;
else if (strcmp(*argv,"-ssl2") == 0)
@@ -355,7 +366,7 @@ bad:
"the test anyway (and\n-d to see what happens), "
"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
"to avoid protocol mismatch.\n");
- exit(1);
+ EXIT(1);
}
if (print_time)
@@ -620,6 +631,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
int i, r;
clock_t c_clock = clock();
+ memset(cbuf, 0, sizeof(cbuf));
+
if (debug)
if (SSL_in_init(c_ssl))
printf("client waiting in SSL_connect - %s\n",
@@ -704,6 +717,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
int i, r;
clock_t s_clock = clock();
+ memset(sbuf, 0, sizeof(sbuf));
+
if (debug)
if (SSL_in_init(s_ssl))
printf("server waiting in SSL_accept - %s\n",
@@ -947,6 +962,9 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
int c_write,s_write;
int do_server=0,do_client=0;
+ memset(cbuf,0,sizeof(cbuf));
+ memset(sbuf,0,sizeof(sbuf));
+
c_to_s=BIO_new(BIO_s_mem());
s_to_c=BIO_new(BIO_s_mem());
if ((s_to_c == NULL) || (c_to_s == NULL))
diff --git a/crypto/openssl/ssl/t1_clnt.c b/crypto/openssl/ssl/t1_clnt.c
index 9745630a008c..f68b9cc08567 100644
--- a/crypto/openssl/ssl/t1_clnt.c
+++ b/crypto/openssl/ssl/t1_clnt.c
@@ -79,11 +79,18 @@ SSL_METHOD *TLSv1_client_method(void)
if (init)
{
- memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_client_data.ssl_connect=ssl3_connect;
- TLSv1_client_data.get_ssl_method=tls1_get_client_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+ sizeof(SSL_METHOD));
+ TLSv1_client_data.ssl_connect=ssl3_connect;
+ TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_client_data);
}
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index f3ecc5f5869e..a11e1130d8de 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -158,7 +158,7 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
}
HMAC_cleanup(&ctx);
HMAC_cleanup(&ctx_tmp);
- memset(A1,0,sizeof(A1));
+ OPENSSL_cleanse(A1,sizeof(A1));
}
static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
@@ -372,10 +372,10 @@ printf("\niv=");
printf("\n");
#endif
- memset(tmp1,0,sizeof(tmp1));
- memset(tmp2,0,sizeof(tmp1));
- memset(iv1,0,sizeof(iv1));
- memset(iv2,0,sizeof(iv2));
+ OPENSSL_cleanse(tmp1,sizeof(tmp1));
+ OPENSSL_cleanse(tmp2,sizeof(tmp1));
+ OPENSSL_cleanse(iv1,sizeof(iv1));
+ OPENSSL_cleanse(iv2,sizeof(iv2));
return(1);
err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -426,7 +426,7 @@ printf("pre-master\n");
{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
#endif
tls1_generate_key_block(s,p1,p2,num);
- memset(p2,0,num);
+ OPENSSL_cleanse(p2,num);
OPENSSL_free(p2);
#ifdef TLS_DEBUG
printf("\nkey block\n");
diff --git a/crypto/openssl/ssl/t1_meth.c b/crypto/openssl/ssl/t1_meth.c
index 9bb36a7d1ca9..fcc243f78264 100644
--- a/crypto/openssl/ssl/t1_meth.c
+++ b/crypto/openssl/ssl/t1_meth.c
@@ -76,13 +76,21 @@ SSL_METHOD *TLSv1_method(void)
if (init)
{
- memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_data.ssl_connect=ssl3_connect;
- TLSv1_data.ssl_accept=ssl3_accept;
- TLSv1_data.get_ssl_method=tls1_get_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+ sizeof(SSL_METHOD));
+ TLSv1_data.ssl_connect=ssl3_connect;
+ TLSv1_data.ssl_accept=ssl3_accept;
+ TLSv1_data.get_ssl_method=tls1_get_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
+
return(&TLSv1_data);
}
diff --git a/crypto/openssl/ssl/t1_srvr.c b/crypto/openssl/ssl/t1_srvr.c
index 996b7ca8e2ef..7486c553de4e 100644
--- a/crypto/openssl/ssl/t1_srvr.c
+++ b/crypto/openssl/ssl/t1_srvr.c
@@ -80,11 +80,18 @@ SSL_METHOD *TLSv1_server_method(void)
if (init)
{
- memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
- sizeof(SSL_METHOD));
- TLSv1_server_data.ssl_accept=ssl3_accept;
- TLSv1_server_data.get_ssl_method=tls1_get_server_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+ sizeof(SSL_METHOD));
+ TLSv1_server_data.ssl_accept=ssl3_accept;
+ TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&TLSv1_server_data);
}
diff --git a/crypto/openssl/test/Makefile.ssl b/crypto/openssl/test/Makefile.ssl
index 3cb1283d7c60..a6e22a3b86c0 100644
--- a/crypto/openssl/test/Makefile.ssl
+++ b/crypto/openssl/test/Makefile.ssl
@@ -85,7 +85,7 @@ top:
all: exe
-exe: $(EXE)
+exe: $(EXE) dummytest
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
@@ -93,6 +93,10 @@ files:
links:
@@$(TOP)/util/point.sh Makefile.ssl Makefile
+generate: $(SRC)
+$(SRC):
+ @$(TOP)/util/point.sh dummytest.c $@
+
errors:
install:
@@ -109,7 +113,7 @@ tests: exe apps \
test_ss test_ca test_ssl
apps:
- @(cd ../apps; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all)
+ @(cd ..; $(MAKE) DIRS=apps all)
test_des:
./$(DESTEST)
@@ -233,7 +237,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
- $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+ $(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -243,10 +247,10 @@ clean:
rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
$(DLIBSSL):
- (cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=ssl all)
$(DLIBCRYPTO):
- (cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ (cd ..; $(MAKE) DIRS=crypto all)
$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
@@ -317,9 +321,13 @@ $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+dummytest: dummytest.o $(DLIBCRYPTO)
+ $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
# DO NOT DELETE THIS LINE -- make depend depends on it.
-bftest.o: ../include/openssl/blowfish.h
+bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+bftest.o: ../include/openssl/opensslconf.h
bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -339,29 +347,31 @@ bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
bntest.o: ../include/openssl/x509_vfy.h
-casttest.o: ../include/openssl/cast.h
+casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+casttest.o: ../include/openssl/opensslconf.h
destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
destest.o: ../include/openssl/opensslconf.h
-dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h
-dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dhtest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+dhtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+dhtest.o: ../include/openssl/symhacks.h
+dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
-dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
-dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-dsatest.o: ../include/openssl/symhacks.h
-exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
-exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
-exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
-exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-exptest.o: ../include/openssl/symhacks.h
-hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+exptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
@@ -376,17 +386,26 @@ hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
-md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
-md4test.o: ../include/openssl/md4.h
-md5test.o: ../include/openssl/md5.h
-mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+ideatest.o: ../include/openssl/opensslconf.h
+md2test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md2.h
+md2test.o: ../include/openssl/opensslconf.h
+md4test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md4.h
+md4test.o: ../include/openssl/opensslconf.h
+md5test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md5.h
+md5test.o: ../include/openssl/opensslconf.h
+mdc2test.o: ../e_os.h ../include/openssl/des.h ../include/openssl/e_os2.h
mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
-randtest.o: ../include/openssl/rand.h
+randtest.o: ../e_os.h ../include/openssl/e_os2.h
+randtest.o: ../include/openssl/opensslconf.h ../include/openssl/rand.h
+rc2test.o: ../e_os.h ../include/openssl/e_os2.h
rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+rc4test.o: ../e_os.h ../include/openssl/e_os2.h
rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
-rc5test.o: ../include/openssl/rc5.h
-rmdtest.o: ../include/openssl/ripemd.h
+rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h
+rmdtest.o: ../e_os.h ../include/openssl/e_os2.h
+rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/ripemd.h
rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
@@ -394,8 +413,10 @@ rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-sha1test.o: ../include/openssl/sha.h
-shatest.o: ../include/openssl/sha.h
+sha1test.o: ../e_os.h ../include/openssl/e_os2.h
+sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+shatest.o: ../e_os.h ../include/openssl/e_os2.h
+shatest.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
diff --git a/crypto/openssl/test/methtest.c b/crypto/openssl/test/methtest.c
index 06ccb3b31087..005c2f48220e 100644
--- a/crypto/openssl/test/methtest.c
+++ b/crypto/openssl/test/methtest.c
@@ -96,10 +96,10 @@ char *argv[];
METH_init(top);
METH_control(tmp1,METH_CONTROL_DUMP,stdout);
METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- exit(0);
+ EXIT(0);
err:
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
- exit(1);
+ EXIT(1);
return(0);
}
diff --git a/crypto/openssl/test/testssl b/crypto/openssl/test/testssl
index 2151a6438cda..ad4f45f1fa13 100644
--- a/crypto/openssl/test/testssl
+++ b/crypto/openssl/test/testssl
@@ -112,8 +112,12 @@ $ssltest -bio_pair -server_auth -client_auth $CA || exit 1
#############################################################################
-echo test tls1 with 1024bit anonymous DH, multiple handshakes
-$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+if ../apps/openssl no-dh; then
+ echo skipping anonymous DH tests
+else
+ echo test tls1 with 1024bit anonymous DH, multiple handshakes
+ $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+fi
if ../apps/openssl no-rsa; then
echo skipping RSA tests
@@ -121,8 +125,12 @@ else
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
- echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+ if ../apps/openssl no-dh; then
+ echo skipping RSA+DHE tests
+ else
+ echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+ ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+ fi
fi
exit 0
diff --git a/crypto/openssl/tools/c_rehash b/crypto/openssl/tools/c_rehash
index 049bb3f1ae6b..1a6a071f4403 100644
--- a/crypto/openssl/tools/c_rehash
+++ b/crypto/openssl/tools/c_rehash
@@ -100,7 +100,8 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
- my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
@@ -130,7 +131,8 @@ sub link_hash_cert {
sub link_hash_crl {
my $fname = $_[0];
- my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
diff --git a/crypto/openssl/tools/c_rehash.in b/crypto/openssl/tools/c_rehash.in
index 26db8999d8c8..132c0e4cebb5 100644
--- a/crypto/openssl/tools/c_rehash.in
+++ b/crypto/openssl/tools/c_rehash.in
@@ -100,7 +100,8 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
- my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
@@ -130,7 +131,8 @@ sub link_hash_cert {
sub link_hash_crl {
my $fname = $_[0];
- my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num
index ef6573cc7d3d..cfae8e59ddb8 100755
--- a/crypto/openssl/util/libeay.num
+++ b/crypto/openssl/util/libeay.num
@@ -301,8 +301,8 @@ EVP_des_ede_cfb 308 EXIST::FUNCTION:DES
EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
EVP_des_ofb 310 EXIST::FUNCTION:DES
EVP_desx_cbc 311 EXIST::FUNCTION:DES
-EVP_dss 312 EXIST::FUNCTION:SHA,DSA
-EVP_dss1 313 EXIST::FUNCTION:SHA,DSA
+EVP_dss 312 EXIST::FUNCTION:DSA,SHA
+EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
EVP_enc_null 314 EXIST::FUNCTION:
EVP_get_cipherbyname 315 EXIST::FUNCTION:
EVP_get_digestbyname 316 EXIST::FUNCTION:
@@ -1212,7 +1212,7 @@ name_cmp 1239 EXIST::FUNCTION:
str_dup 1240 NOEXIST::FUNCTION:
i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION:
i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION:
-BIO_s_log 1243 EXIST:!WIN16,!WIN32,!macintosh:FUNCTION:
+BIO_s_log 1243 EXIST:!WIN32,!macintosh,!WIN16:FUNCTION:
BIO_f_reliable 1244 EXIST::FUNCTION:
PKCS7_dataFinal 1245 EXIST::FUNCTION:
PKCS7_dataDecode 1246 EXIST::FUNCTION:
@@ -1934,3 +1934,4 @@ ENGINE_set_ctrl_function 2522 NOEXIST::FUNCTION:
BN_pseudo_rand_range 2523 EXIST::FUNCTION:
X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
ERR_load_COMP_strings 2525 EXIST::FUNCTION:
+OPENSSL_cleanse 3245 EXIST::FUNCTION:
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
index 4cc7881d8d73..efdf77e74fb3 100755
--- a/crypto/openssl/util/mk1mf.pl
+++ b/crypto/openssl/util/mk1mf.pl
@@ -206,7 +206,7 @@ $cflags.=" -DNO_MD4" if $no_md4;
$cflags.=" -DNO_MD5" if $no_md5;
$cflags.=" -DNO_SHA" if $no_sha;
$cflags.=" -DNO_SHA1" if $no_sha1;
-$cflags.=" -DNO_RIPEMD" if $no_rmd160;
+$cflags.=" -DNO_RIPEMD" if $no_ripemd;
$cflags.=" -DNO_MDC2" if $no_mdc2;
$cflags.=" -DNO_BF" if $no_bf;
$cflags.=" -DNO_CAST" if $no_cast;
@@ -674,7 +674,7 @@ sub var_add
@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
- @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+ @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
@@ -883,7 +883,7 @@ sub read_options
elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
$no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
- $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+ $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; }
elsif (/^rsaref$/) { $rsaref=1; }
elsif (/^gcc$/) { $gcc=1; }
diff --git a/crypto/openssl/util/mkcerts.sh b/crypto/openssl/util/mkcerts.sh
index 5f8a1dae7395..0184fcb70ece 100755
--- a/crypto/openssl/util/mkcerts.sh
+++ b/crypto/openssl/util/mkcerts.sh
@@ -1,4 +1,4 @@
-#!bin/sh
+#!/bin/sh
# This script will re-make all the required certs.
# cd apps
@@ -12,8 +12,8 @@
#
CAbits=1024
-SSLEAY="../apps/ssleay"
-CONF="-config ../apps/ssleay.cnf"
+SSLEAY="../apps/openssl"
+CONF="-config ../apps/openssl.cnf"
# create pca request.
echo creating $CAbits bit PCA cert request
diff --git a/crypto/openssl/util/pl/BC-32.pl b/crypto/openssl/util/pl/BC-32.pl
index c268c495507c..655606cc1666 100644
--- a/crypto/openssl/util/pl/BC-32.pl
+++ b/crypto/openssl/util/pl/BC-32.pl
@@ -52,9 +52,9 @@ $lfile='';
$shlib_ex_obj="";
$app_ex_obj="c0x32.obj";
-$asm='n_o_T_a_s_m';
+$asm='nasmw -f obj';
$asm.=" /Zi" if $debug;
-$afile='/Fo';
+$afile='-o';
$bn_mulw_obj='';
$bn_mulw_src='';
diff --git a/crypto/openssl/util/pl/Mingw32.pl b/crypto/openssl/util/pl/Mingw32.pl
index 02a5086f8236..37f36126f371 100644
--- a/crypto/openssl/util/pl/Mingw32.pl
+++ b/crypto/openssl/util/pl/Mingw32.pl
@@ -1,7 +1,6 @@
#!/usr/local/bin/perl
#
# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools)
-# $FreeBSD$
#
$o='/';
diff --git a/crypto/openssl/util/pod2mantest b/crypto/openssl/util/pod2mantest
index 449ef14f1b43..026a6a1789d2 100755
--- a/crypto/openssl/util/pod2mantest
+++ b/crypto/openssl/util/pod2mantest
@@ -11,7 +11,8 @@
IFS=:
-try_without_dir=false
+
+try_without_dir=true
# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
for dir in dummy:$PATH; do
if [ "$try_without_dir" = true ]; then
@@ -29,9 +30,16 @@ for dir in dummy:$PATH; do
if [ ! "$pod2man" = '' ]; then
failure=none
+ if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
+ :
+ else
+ failure=BasicTest
+ fi
- if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
- failure=MultilineTest
+ if [ "$failure" = none ]; then
+ if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+ failure=MultilineTest
+ fi
fi
@@ -45,9 +53,5 @@ for dir in dummy:$PATH; do
done
echo "No working pod2man found. Consider installing a new version." >&2
-if [ "$1" = ignore ]; then
- echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
- echo "../../util/pod2man.pl"
- exit 0
-fi
-exit 1
+echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+echo "$1 ../../util/pod2man.pl"
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index 6da25cb6a3b0..03f7a925974a 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -30,8 +30,8 @@ SHLIB_MAJOR= 2
NOLINT= true
# base sources
-SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \
- tmdiff.c uid.c
+SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
+ mem_dbg.c tmdiff.c uid.c
# asn1
SRCS+= a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index c7262a0ee760..4dfddbaccfe2 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:01 2002
+.\" Wed Feb 19 21:05:03 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_ctrl 3 "0.9.6i" "2000-09-18" "OpenSSL"
.UC
.SH "NAME"
BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index b525daa63614..e29adf339268 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:01 2002
+.\" Wed Feb 19 21:05:03 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_f_base64 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
BIO_f_base64 \- base64 \s-1BIO\s0 filter
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index 5cb75b3847c7..8e8a1e440325 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:02 2002
+.\" Wed Feb 19 21:05:04 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_f_buffer 3 "0.9.6i" "2000-09-18" "OpenSSL"
.UC
.SH "NAME"
BIO_f_buffer \- buffering \s-1BIO\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index a069642539f2..acc701886a84 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:03 2002
+.\" Wed Feb 19 21:05:04 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_f_cipher 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index 3b9e097387fe..ee47def2f2a5 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:03 2002
+.\" Wed Feb 19 21:05:04 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_f_md 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index f1d9b02ed619..a1b02b962712 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:04 2002
+.\" Wed Feb 19 21:05:04 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_f_null 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
BIO_f_null \- null filter
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index 1e8d72a3ace7..7b8e365b317a 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:05 2002
+.\" Wed Feb 19 21:05:04 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_f_ssl 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index e11997d53516..db6cda354d92 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:05 2002
+.\" Wed Feb 19 21:05:05 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_find_type 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index ca5f4f8ade5a..790d03ebe05c 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:06 2002
+.\" Wed Feb 19 21:05:05 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_new 3"
-.TH BIO_new 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_new 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
diff --git a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 b/secure/lib/libcrypto/man/BIO_new_bio_pair.3
index d867de638f74..8fe95036160e 100644
--- a/secure/lib/libcrypto/man/BIO_new_bio_pair.3
+++ b/secure/lib/libcrypto/man/BIO_new_bio_pair.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:06 2002
+.\" Wed Feb 19 21:05:05 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_new_bio_pair 3"
-.TH BIO_new_bio_pair 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_new_bio_pair 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_new_bio_pair \- create a new \s-1BIO\s0 pair
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index ec94074271ba..d9c97dc5b706 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:07 2002
+.\" Wed Feb 19 21:05:05 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_push 3"
-.TH BIO_push 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_push 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
BIO_push, BIO_pop \- add and remove BIOs from a chain.
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index b844303a5115..b1fe08e0b896 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:08 2002
+.\" Wed Feb 19 21:05:05 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_read 3"
-.TH BIO_read 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_read 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index 3073f38f14a7..a79970618c3f 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:08 2002
+.\" Wed Feb 19 21:05:06 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_accept 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index 6c76cd973348..ce5db31eb4e7 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:09 2002
+.\" Wed Feb 19 21:05:06 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_bio 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index fcb6a33a6553..6b25e6cc5f17 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:09 2002
+.\" Wed Feb 19 21:05:06 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_connect 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index cade91f35e6f..e9e9b468289f 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:10 2002
+.\" Wed Feb 19 21:05:06 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_fd 3 "0.9.6i" "2000-09-17" "OpenSSL"
.UC
.SH "NAME"
BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index 6be9436f8e92..c279570f5d48 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:11 2002
+.\" Wed Feb 19 21:05:06 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_file 3 "0.9.6i" "2000-09-18" "OpenSSL"
.UC
.SH "NAME"
BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index d3b422e3259f..f8cfc37b7918 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:11 2002
+.\" Wed Feb 19 21:05:07 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_mem 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index 0bf1015b581a..d6b10ec7122f 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:12 2002
+.\" Wed Feb 19 21:05:07 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_null 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
BIO_s_null \- null data sink
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index e5fa8d4d225e..70daf794fca0 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:13 2002
+.\" Wed Feb 19 21:05:07 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_s_socket 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index a2a5996ee507..ed12e5ccaeb7 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:13 2002
+.\" Wed Feb 19 21:05:07 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_set_callback 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index 38fc119833ee..f9ae043e3c19 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:14 2002
+.\" Wed Feb 19 21:05:08 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BIO_should_retry 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
BIO_should_retry, BIO_should_read, BIO_should_write,
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index b4dff76dd749..2025a6587c7b 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:14 2002
+.\" Wed Feb 19 21:05:08 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_CTX_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
@@ -181,7 +181,7 @@ ERR_get_error(3).
\&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), BN_add(3),
+bn(3), ERR_get_error(3), BN_add(3),
BN_CTX_start(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index 1629abffc938..015a3119a762 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:15 2002
+.\" Wed Feb 19 21:05:08 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BN_CTX_start 3 "0.9.6i" "2000-07-11" "OpenSSL"
.UC
.SH "NAME"
BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index 7b4b69406e0e..0660a3846698 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:16 2002
+.\" Wed Feb 19 21:05:08 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_add 3"
-.TH BN_add 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_add 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp,
@@ -233,7 +233,7 @@ value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), BN_CTX_new(3),
+bn(3), ERR_get_error(3), BN_CTX_new(3),
BN_add_word(3), BN_set_bit(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index d83119455724..39335ebd1526 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:16 2002
+.\" Wed Feb 19 21:05:08 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_add_word 3"
-.TH BN_add_word 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_add_word 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
@@ -188,7 +188,7 @@ on error. The error codes can be obtained by ERR_get_error(3).
\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), BN_add(3)
+bn(3), ERR_get_error(3), BN_add(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index 6a810496c839..7697139273b1 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:17 2002
+.\" Wed Feb 19 21:05:09 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH BN_bn2bin 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
@@ -221,7 +221,7 @@ returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), BN_zero(3),
+bn(3), ERR_get_error(3), BN_zero(3),
ASN1_INTEGER_to_BN(3),
BN_num_bytes(3)
.SH "HISTORY"
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index cb21425f23a1..1e4802dd9ab8 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:18 2002
+.\" Wed Feb 19 21:05:09 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_cmp 3"
-.TH BN_cmp 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_cmp 3 "0.9.6i" "2000-01-26" "OpenSSL"
.UC
.SH "NAME"
BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index 12770756a9ad..21a197607c21 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:18 2002
+.\" Wed Feb 19 21:05:09 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_copy 3"
-.TH BN_copy 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_copy 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_copy, BN_dup \- copy BIGNUMs
@@ -164,7 +164,7 @@ the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be ob
by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3)
+bn(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index 383ccf82501d..5d8f2b1d2aa0 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:19 2002
+.\" Wed Feb 19 21:05:09 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_generate_prime 3 "0.9.6i" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
@@ -202,7 +202,7 @@ If \fBdo_trial_division == 0\fR, this test is skipped.
.PP
Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
probabilistic primality test with \fBchecks\fR iterations. If
-\&\fBchecks == BN_prime_check\fR, a number of iterations is used that
+\&\fBchecks == BN_prime_checks\fR, a number of iterations is used that
yields a false positive rate of at most 2^\-80 for random input.
.PP
If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
@@ -220,7 +220,7 @@ prime with an error probability of less than 0.25^\fBchecks\fR, and
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), rand(3)
+bn(3), ERR_get_error(3), rand(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index d5249c65cdb2..27dfe5238358 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:19 2002
+.\" Wed Feb 19 21:05:09 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_mod_inverse 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_mod_inverse \- compute inverse modulo n
@@ -165,7 +165,7 @@ variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR.
\&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), BN_add(3)
+bn(3), ERR_get_error(3), BN_add(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index 28702cecfab5..af9d240d3339 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:20 2002
+.\" Wed Feb 19 21:05:10 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
@@ -224,7 +224,7 @@ For the other functions, 1 is returned for success, 0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), BN_add(3),
+bn(3), ERR_get_error(3), BN_add(3),
BN_CTX_new(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index db868999002a..b4f397b153e1 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:21 2002
+.\" Wed Feb 19 21:05:10 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
@@ -211,7 +211,7 @@ For the other functions, 1 is returned for success, 0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), BN_add(3),
+bn(3), ERR_get_error(3), BN_add(3),
BN_CTX_new(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index 150ee3f03dc2..d13c6275ca6b 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:21 2002
+.\" Wed Feb 19 21:05:10 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_new 3"
-.TH BN_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
@@ -184,7 +184,7 @@ by ERR_get_error(3).
values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3)
+bn(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index 866e1e9b116c..f95a789f0464 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:22 2002
+.\" Wed Feb 19 21:05:10 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_num_bytes 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index 23e7399d8bdf..ce2df1a9ba8d 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:22 2002
+.\" Wed Feb 19 21:05:10 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_rand 3"
-.TH BN_rand 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH BN_rand 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
BN_rand, BN_pseudo_rand \- generate pseudo-random number
@@ -186,7 +186,7 @@ The functions return 1 on success, 0 on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-bn(3), err(3), rand(3),
+bn(3), ERR_get_error(3), rand(3),
RAND_add(3), RAND_bytes(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index 5c5a4e157416..ecea9806cc4b 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:23 2002
+.\" Wed Feb 19 21:05:11 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH BN_set_bit 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index 61613e7f9740..74c468a7b5a5 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:24 2002
+.\" Wed Feb 19 21:05:11 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "BN_zero 3"
-.TH BN_zero 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH BN_zero 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
diff --git a/secure/lib/libcrypto/man/CA.pl.1 b/secure/lib/libcrypto/man/CA.pl.1
index ac3f29c12eb9..1c35e1861784 100644
--- a/secure/lib/libcrypto/man/CA.pl.1
+++ b/secure/lib/libcrypto/man/CA.pl.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:38 2002
+.\" Wed Feb 19 21:04:55 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH CA.PL 1 "0.9.6i" "2000-08-24" "OpenSSL"
.UC
.SH "NAME"
\&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs
diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
index ef82f2b07aca..c79d06c12da1 100644
--- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:24 2002
+.\" Wed Feb 19 21:05:11 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "0.9.6i" "2000-01-29" "OpenSSL"
.UC
.SH "NAME"
CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index a98535f097a7..18289dad2dc8 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:25 2002
+.\" Wed Feb 19 21:05:11 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DH_generate_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
@@ -179,7 +179,7 @@ on error.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dh(3), err(3), rand(3), DH_size(3)
+dh(3), ERR_get_error(3), rand(3), DH_size(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index 74b0d8a6f27c..ffe2d484c9f3 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:25 2002
+.\" Wed Feb 19 21:05:11 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DH_generate_parameters 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
@@ -196,7 +196,8 @@ If \fBgenerator\fR is not 2 or 5, \fBdh->g\fR=\fBgenerator\fR is not
a usable generator.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dh(3), err(3), rand(3), DH_free(3)
+dh(3), ERR_get_error(3), rand(3),
+DH_free(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL.
diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
index 2a9409a49cc7..764e9d12f907 100644
--- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:26 2002
+.\" Wed Feb 19 21:05:12 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH DH_get_ex_new_index 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index 2a8546e3f2c1..8f7b201d9402 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:27 2002
+.\" Wed Feb 19 21:05:12 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_new 3"
-.TH DH_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DH_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DH_new, DH_free \- allocate and free \s-1DH\s0 objects
@@ -168,7 +168,7 @@ a pointer to the newly allocated structure.
\&\fIDH_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dh(3), err(3),
+dh(3), ERR_get_error(3),
DH_generate_parameters(3),
DH_generate_key(3)
.SH "HISTORY"
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index 8a5c1b720a0c..3c00482ef468 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:27 2002
+.\" Wed Feb 19 21:05:12 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_set_method 3"
-.TH DH_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH DH_set_method 3 "0.9.6i" "2000-05-29" "OpenSSL"
.UC
.SH "NAME"
DH_set_default_method, DH_get_default_method, DH_set_method,
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index 6ad0ac9a8ab3..7665a3d27c80 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:28 2002
+.\" Wed Feb 19 21:05:12 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DH_size 3"
-.TH DH_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DH_size 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
DH_size \- get Diffie-Hellman prime size
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index 32ca1deccf87..e71c4305d8d3 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:29 2002
+.\" Wed Feb 19 21:05:12 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_SIG_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
@@ -169,7 +169,8 @@ to the newly allocated structure.
\&\fIDSA_SIG_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dsa(3), err(3), DSA_do_sign(3)
+dsa(3), ERR_get_error(3),
+DSA_do_sign(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index a99f6d40c395..c9b9cbde6e32 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:29 2002
+.\" Wed Feb 19 21:05:13 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_do_sign 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
@@ -175,7 +175,7 @@ on error. The error codes can be obtained by
ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dsa(3), err(3), rand(3),
+dsa(3), ERR_get_error(3), rand(3),
DSA_SIG_new(3),
DSA_sign(3)
.SH "HISTORY"
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index 19bbf6e7c8a5..e2f2f730e08d 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:30 2002
+.\" Wed Feb 19 21:05:13 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_dup_DH 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
@@ -164,7 +164,7 @@ error codes can be obtained by ERR_get_error(3).
Be careful to avoid small subgroup attacks when using this.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dh(3), dsa(3), err(3)
+dh(3), dsa(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4.
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index 75e9490d0fcb..ea96a9c57553 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:30 2002
+.\" Wed Feb 19 21:05:13 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_generate_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DSA_generate_key \- generate \s-1DSA\s0 key pair
@@ -162,7 +162,8 @@ The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR.
The error codes can be obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dsa(3), err(3), rand(3), DSA_generate_parameters(3)
+dsa(3), ERR_get_error(3), rand(3),
+DSA_generate_parameters(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIDSA_generate_key()\fR is available since SSLeay 0.8.
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index b9d4de72b58e..0a9fb94253c5 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:31 2002
+.\" Wed Feb 19 21:05:13 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_generate_parameters 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DSA_generate_parameters \- generate \s-1DSA\s0 parameters
@@ -209,7 +209,7 @@ obtained by ERR_get_error(3).
Seed lengths > 20 are not supported.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dsa(3), err(3), rand(3),
+dsa(3), ERR_get_error(3), rand(3),
DSA_free(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
index 56383681c2ee..f0ee5a0081c0 100644
--- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:32 2002
+.\" Wed Feb 19 21:05:13 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "0.9.6i" "2000-01-30" "OpenSSL"
.UC
.SH "NAME"
DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index 2810cc8be33e..93ff44046239 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:32 2002
+.\" Wed Feb 19 21:05:14 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_new 3"
-.TH DSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
@@ -169,7 +169,7 @@ to the newly allocated structure.
\&\fIDSA_free()\fR returns no value.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dsa(3), err(3),
+dsa(3), ERR_get_error(3),
DSA_generate_parameters(3),
DSA_generate_key(3)
.SH "HISTORY"
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index 3114fb239eba..13fbb54d950f 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:33 2002
+.\" Wed Feb 19 21:05:14 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH DSA_set_method 3 "0.9.6i" "2000-05-29" "OpenSSL"
.UC
.SH "NAME"
DSA_set_default_method, DSA_get_default_method, DSA_set_method,
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index 28c80a837ed0..b3db4d9ea437 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:33 2002
+.\" Wed Feb 19 21:05:14 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_sign 3"
-.TH DSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_sign 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
@@ -194,7 +194,7 @@ ERR_get_error(3).
Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-dsa(3), err(3), rand(3),
+dsa(3), ERR_get_error(3), rand(3),
DSA_do_sign(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index c3fe807f9dab..2b7417a5d832 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:34 2002
+.\" Wed Feb 19 21:05:14 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA_size 3"
-.TH DSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA_size 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
DSA_size \- get \s-1DSA\s0 signature size
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index 4646117b8154..30167d4370ca 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:35 2002
+.\" Wed Feb 19 21:05:14 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ERR_GET_LIB 3 "0.9.6i" "2000-01-31" "OpenSSL"
.UC
.SH "NAME"
\&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index dfb3cae82211..b51a3af7bbaf 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:35 2002
+.\" Wed Feb 19 21:05:15 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ERR_clear_error 3 "0.9.6i" "2000-01-31" "OpenSSL"
.UC
.SH "NAME"
ERR_clear_error \- clear the error queue
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index aefdba409bbe..e160c653bb48 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:36 2002
+.\" Wed Feb 19 21:05:15 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH ERR_error_string 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index d5775104e892..8570c7b3771f 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:36 2002
+.\" Wed Feb 19 21:05:15 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH ERR_get_error 3 "0.9.6i" "2000-09-19" "OpenSSL"
.UC
.SH "NAME"
ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line,
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index e2a58cda64b9..779899ae1126 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:37 2002
+.\" Wed Feb 19 21:05:15 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 802da1150d20..c9e375c1376b 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:38 2002
+.\" Wed Feb 19 21:05:15 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ERR_load_strings 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index cd6f53af2ad9..2aba2d2f2b62 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:38 2002
+.\" Wed Feb 19 21:05:16 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ERR_print_errors 3 "0.9.6i" "2000-01-31" "OpenSSL"
.UC
.SH "NAME"
ERR_print_errors, ERR_print_errors_fp \- print error messages
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index 91ebc960d84f..8b8ee6fd085b 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:39 2002
+.\" Wed Feb 19 21:05:16 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ERR_put_error 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
ERR_put_error, ERR_add_error_data \- record an error
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index a6a23feca1fd..4ba19a6b0269 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:39 2002
+.\" Wed Feb 19 21:05:16 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH ERR_remove_state 3 "0.9.6i" "2000-05-19" "OpenSSL"
.UC
.SH "NAME"
ERR_remove_state \- free a thread's error queue
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index e521c2e85486..81169120e221 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:40 2002
+.\" Wed Feb 19 21:05:16 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH EVP_DigestInit 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0,
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index cfab0ccf4c15..805e49dc84e0 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:41 2002
+.\" Wed Feb 19 21:05:16 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH EVP_EncryptInit 3 "0.9.6i" "2002-05-08" "OpenSSL"
.UC
.SH "NAME"
EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit,
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
index 8b1de4d0ed00..f9dd23c7d151 100644
--- a/secure/lib/libcrypto/man/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:41 2002
+.\" Wed Feb 19 21:05:17 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_OpenInit 3"
-.TH EVP_OpenInit 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH EVP_OpenInit 3 "0.9.6i" "2000-09-23" "OpenSSL"
.UC
.SH "NAME"
EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3
index 970b98fe496c..c1ffe0a0644b 100644
--- a/secure/lib/libcrypto/man/EVP_SealInit.3
+++ b/secure/lib/libcrypto/man/EVP_SealInit.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:42 2002
+.\" Wed Feb 19 21:05:17 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH EVP_SealInit 3 "0.9.6i" "2002-08-15" "OpenSSL"
.UC
.SH "NAME"
EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
@@ -152,7 +152,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
\& int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl, unsigned char *in, int inl);
-\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+\& void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
\& int *outl);
.Ve
.SH "DESCRIPTION"
@@ -182,8 +182,7 @@ page.
.IX Header "RETURN VALUES"
\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful.
.PP
-\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for
-failure.
+\&\fIEVP_SealUpdate()\fR returns 1 for success and 0 for failure.
.SH "NOTES"
.IX Header "NOTES"
Because a random secret key is generated the random number generator
diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3
index 364417675220..3f2f57cadf61 100644
--- a/secure/lib/libcrypto/man/EVP_SignInit.3
+++ b/secure/lib/libcrypto/man/EVP_SignInit.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:43 2002
+.\" Wed Feb 19 21:05:17 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH EVP_SignInit 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3
index 06d78c5a60d3..7613f18bd98a 100644
--- a/secure/lib/libcrypto/man/EVP_VerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:43 2002
+.\" Wed Feb 19 21:05:17 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "EVP_VerifyInit 3"
-.TH EVP_VerifyInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH EVP_VerifyInit 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
index 61938c4d645d..8e941937cbb0 100644
--- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:44 2002
+.\" Wed Feb 19 21:05:18 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "0.9.6i" "2002-01-04" "OpenSSL"
.UC
.SH "NAME"
\&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
index 575f328e0fdd..30687b974697 100644
--- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:44 2002
+.\" Wed Feb 19 21:05:18 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "OpenSSL_add_all_algorithms 3"
-.TH OpenSSL_add_all_algorithms 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH OpenSSL_add_all_algorithms 3 "0.9.6i" "2000-09-19" "OpenSSL"
.UC
.SH "NAME"
OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3
index 15a7d91b4285..e6e27ca65265 100644
--- a/secure/lib/libcrypto/man/RAND_add.3
+++ b/secure/lib/libcrypto/man/RAND_add.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:45 2002
+.\" Wed Feb 19 21:05:18 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_add 3"
-.TH RAND_add 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RAND_add 3 "0.9.6i" "2000-03-22" "OpenSSL"
.UC
.SH "NAME"
RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
index a3bd3fb942a8..1f56b7da4363 100644
--- a/secure/lib/libcrypto/man/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:46 2002
+.\" Wed Feb 19 21:05:18 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RAND_bytes 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
RAND_bytes, RAND_pseudo_bytes \- generate random data
@@ -174,7 +174,8 @@ functions return \-1 if they are not supported by the current \s-1RAND\s0
method.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-rand(3), err(3), RAND_add(3)
+rand(3), ERR_get_error(3),
+RAND_add(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It
diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3
index 317e9d38e158..9564b2d98790 100644
--- a/secure/lib/libcrypto/man/RAND_cleanup.3
+++ b/secure/lib/libcrypto/man/RAND_cleanup.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:46 2002
+.\" Wed Feb 19 21:05:18 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RAND_cleanup 3 "0.9.6i" "2000-01-26" "OpenSSL"
.UC
.SH "NAME"
RAND_cleanup \- erase the \s-1PRNG\s0 state
diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3
index d5f628484b23..cffe903c8657 100644
--- a/secure/lib/libcrypto/man/RAND_egd.3
+++ b/secure/lib/libcrypto/man/RAND_egd.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:47 2002
+.\" Wed Feb 19 21:05:19 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_egd 3"
-.TH RAND_egd 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH RAND_egd 3 "0.9.6i" "2001-02-08" "OpenSSL"
.UC
.SH "NAME"
RAND_egd \- query entropy gathering daemon
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3
index c61c51247632..f6cb36448425 100644
--- a/secure/lib/libcrypto/man/RAND_load_file.3
+++ b/secure/lib/libcrypto/man/RAND_load_file.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:47 2002
+.\" Wed Feb 19 21:05:19 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH RAND_load_file 3 "0.9.6i" "2001-03-21" "OpenSSL"
.UC
.SH "NAME"
RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3
index 3c28fedf2649..43d956b6df21 100644
--- a/secure/lib/libcrypto/man/RAND_set_rand_method.3
+++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:48 2002
+.\" Wed Feb 19 21:05:19 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RAND_set_rand_method 3 "0.9.6i" "2000-03-03" "OpenSSL"
.UC
.SH "NAME"
RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3
index 1ad4f8b7c183..df41937a1283 100644
--- a/secure/lib/libcrypto/man/RSA_blinding_on.3
+++ b/secure/lib/libcrypto/man/RSA_blinding_on.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:49 2002
+.\" Wed Feb 19 21:05:19 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RSA_blinding_on 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index f5a5581138e5..ccaa5ccd6fb6 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:49 2002
+.\" Wed Feb 19 21:05:19 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH RSA_check_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
RSA_check_key \- validate private \s-1RSA\s0 keys
@@ -176,7 +176,7 @@ the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all th
key data too.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-rsa(3), err(3)
+rsa(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4.
diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3
index 50e23bc3c4fb..d7228b6aff0b 100644
--- a/secure/lib/libcrypto/man/RSA_generate_key.3
+++ b/secure/lib/libcrypto/man/RSA_generate_key.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:50 2002
+.\" Wed Feb 19 21:05:20 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH RSA_generate_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
RSA_generate_key \- generate \s-1RSA\s0 key pair
@@ -186,7 +186,8 @@ error codes can be obtained by ERR_get_error(3).
\&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-err(3), rand(3), rsa(3), RSA_free(3)
+ERR_get_error(3), rand(3), rsa(3),
+RSA_free(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBcb_arg\fR argument was added in SSLeay 0.9.0.
diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
index f8fccb71e7ba..966dde4cf070 100644
--- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:50 2002
+.\" Wed Feb 19 21:05:20 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_get_ex_new_index 3"
-.TH RSA_get_ex_new_index 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH RSA_get_ex_new_index 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3
index 7869f1af210c..ed4e8fb597c3 100644
--- a/secure/lib/libcrypto/man/RSA_new.3
+++ b/secure/lib/libcrypto/man/RSA_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:51 2002
+.\" Wed Feb 19 21:05:20 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_new 3"
-.TH RSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RSA_new 3 "0.9.6i" "2000-01-26" "OpenSSL"
.UC
.SH "NAME"
RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
index fb2dba4b2432..8994f7b4592a 100644
--- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:52 2002
+.\" Wed Feb 19 21:05:20 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_padding_add_PKCS1_type_1 3"
-.TH RSA_padding_add_PKCS1_type_1 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RSA_padding_add_PKCS1_type_1 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3
index 9a0494c627ac..aec391283b9f 100644
--- a/secure/lib/libcrypto/man/RSA_print.3
+++ b/secure/lib/libcrypto/man/RSA_print.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:52 2002
+.\" Wed Feb 19 21:05:20 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,12 +138,12 @@
.\" ======================================================================
.\"
.IX Title "RSA_print 3"
-.TH RSA_print 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH RSA_print 3 "0.9.6i" "2002-11-29" "OpenSSL"
.UC
.SH "NAME"
-RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
-DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic
-parameters
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp \- print cryptographic parameters
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3
index e7e63f62052d..a14dd61da999 100644
--- a/secure/lib/libcrypto/man/RSA_private_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:53 2002
+.\" Wed Feb 19 21:05:21 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RSA_private_encrypt 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
@@ -192,7 +192,8 @@ On error, \-1 is returned; the error codes can be
obtained by ERR_get_error(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-err(3), rsa(3), RSA_sign(3), RSA_verify(3)
+ERR_get_error(3), rsa(3),
+RSA_sign(3), RSA_verify(3)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is
diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3
index 407b57899ae9..f6e47cd0a4d4 100644
--- a/secure/lib/libcrypto/man/RSA_public_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:54 2002
+.\" Wed Feb 19 21:05:21 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_public_encrypt 3"
-.TH RSA_public_encrypt 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH RSA_public_encrypt 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography
@@ -202,7 +202,8 @@ obtained by ERR_get_error(3).
\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-err(3), rand(3), rsa(3), RSA_size(3)
+ERR_get_error(3), rand(3), rsa(3),
+RSA_size(3)
.SH "NOTES"
.IX Header "NOTES"
The RSA_PKCS1_RSAref(3) method supports only the \s-1RSA_PKCS1_PADDING\s0 mode.
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3
index df5575754efc..30b91a7c8a43 100644
--- a/secure/lib/libcrypto/man/RSA_set_method.3
+++ b/secure/lib/libcrypto/man/RSA_set_method.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:54 2002
+.\" Wed Feb 19 21:05:21 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_set_method 3"
-.TH RSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH RSA_set_method 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
RSA_set_default_method, RSA_get_default_method, RSA_set_method,
diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3
index 7698a4abd044..c3979dc8ba4d 100644
--- a/secure/lib/libcrypto/man/RSA_sign.3
+++ b/secure/lib/libcrypto/man/RSA_sign.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:55 2002
+.\" Wed Feb 19 21:05:21 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_sign 3"
-.TH RSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RSA_sign 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
RSA_sign, RSA_verify \- \s-1RSA\s0 signatures
@@ -187,8 +187,8 @@ for compatibility with SSLeay 0.4.5 :\-)
\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-err(3), objects(3), rsa(3),
-RSA_private_encrypt(3),
+ERR_get_error(3), objects(3),
+rsa(3), RSA_private_encrypt(3),
RSA_public_decrypt(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
index 978dfa9ce6a0..81a624c80775 100644
--- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:55 2002
+.\" Wed Feb 19 21:05:21 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.6i" "2002-09-25" "OpenSSL"
.UC
.SH "NAME"
RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures
@@ -185,8 +185,8 @@ The error codes can be obtained by ERR_get_error(3).
These functions serve no recognizable purpose.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-err(3), objects(3), rand(3),
-rsa(3), RSA_sign(3),
+ERR_get_error(3), objects(3),
+rand(3), rsa(3), RSA_sign(3),
RSA_verify(3)
.SH "HISTORY"
.IX Header "HISTORY"
diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3
index 4c195b81b242..c04f54f1fa19 100644
--- a/secure/lib/libcrypto/man/RSA_size.3
+++ b/secure/lib/libcrypto/man/RSA_size.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:56 2002
+.\" Wed Feb 19 21:05:22 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_size 3"
-.TH RSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH RSA_size 3 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
RSA_size \- get \s-1RSA\s0 modulus size
diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
index 2f25fb8b3955..72d6e9c4c1f9 100644
--- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
+++ b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:12 2002
+.\" Wed Feb 19 21:05:27 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CIPHER_get_name 3"
-.TH SSL_CIPHER_get_name 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_CIPHER_get_name 3 "0.9.6i" "2001-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties
diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
index df9c0a0bea29..2dda30310d83 100644
--- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
+++ b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:13 2002
+.\" Wed Feb 19 21:05:27 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_COMP_add_compression_method 3"
-.TH SSL_COMP_add_compression_method 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_COMP_add_compression_method 3 "0.9.6i" "2001-08-23" "OpenSSL"
.UC
.SH "NAME"
SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
index 6fe189feeffb..04b84abcc4ed 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:14 2002
+.\" Wed Feb 19 21:05:27 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_add_extra_chain_cert 3"
-.TH SSL_CTX_add_extra_chain_cert 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_CTX_add_extra_chain_cert 3 "0.9.6i" "2002-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_add_extra_chain_cert \- add certificate to chain
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/SSL_CTX_add_session.3
index 8e2bea203ac1..62fe5ffa816e 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_add_session.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:14 2002
+.\" Wed Feb 19 21:05:28 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_add_session 3"
-.TH SSL_CTX_add_session 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH SSL_CTX_add_session 3 "0.9.6i" "2002-10-29" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
@@ -176,6 +176,14 @@ stored in a different \s-1SSL_SESSION\s0 object, The old session is
removed and replaced by the new session. If the session is actually
identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR
is a no-op, and the return value is 0.
+.PP
+If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0
+flag then the internal cache will not be populated automatically by new
+sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal
+cache will be searched automatically for session-resume requests (the
+latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
+application can use \fISSL_CTX_add_session()\fR directly to have full control
+over the sessions that can be resumed if desired.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following values are returned by all functions:
diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
index 58fb3743a2d3..605899e5b20f 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:15 2002
+.\" Wed Feb 19 21:05:28 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_ctrl 3"
-.TH SSL_CTX_ctrl 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_ctrl 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects
diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
index 07740f0cc688..d48333ac55dc 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:15 2002
+.\" Wed Feb 19 21:05:28 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_flush_sessions 3"
-.TH SSL_CTX_flush_sessions 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH SSL_CTX_flush_sessions 3 "0.9.6i" "2001-02-04" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libcrypto/man/SSL_CTX_free.3
index 537d73f21598..e5d4e880df72 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_free.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_free.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:16 2002
+.\" Wed Feb 19 21:05:28 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_free 3"
-.TH SSL_CTX_free 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_free 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object
diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3
index 1d5ee3ca8aa3..d9eedfc7d0a1 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:17 2002
+.\" Wed Feb 19 21:05:28 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_get_ex_new_index 3"
-.TH SSL_CTX_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH SSL_CTX_get_ex_new_index 3 "0.9.6i" "2001-05-14" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
index b4ffd9267ad9..78ac5d412f85 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:17 2002
+.\" Wed Feb 19 21:05:29 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_get_verify_mode 3"
-.TH SSL_CTX_get_verify_mode 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH SSL_CTX_get_verify_mode 3 "0.9.6i" "2001-01-28" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
index 61ccfea84ab5..9eff3dc64ff2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:18 2002
+.\" Wed Feb 19 21:05:29 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_load_verify_locations 3"
-.TH SSL_CTX_load_verify_locations 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_load_verify_locations 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0
diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3
index 9660af29d49c..21020157d250 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_new.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:18 2002
+.\" Wed Feb 19 21:05:29 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_new 3"
-.TH SSL_CTX_new 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_new 3 "0.9.6i" "2001-07-25" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
index 65efe321195a..a668075f63fa 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:19 2002
+.\" Wed Feb 19 21:05:29 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_sess_number 3"
-.TH SSL_CTX_sess_number 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_CTX_sess_number 3 "0.9.6i" "2001-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
index e18279144c7b..3c0a2208b7b3 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:20 2002
+.\" Wed Feb 19 21:05:29 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_sess_set_cache_size 3"
-.TH SSL_CTX_sess_set_cache_size 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_CTX_sess_set_cache_size 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
index c7ecde511649..284bf633ce23 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:20 2002
+.\" Wed Feb 19 21:05:30 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_sess_set_get_cb 3"
-.TH SSL_CTX_sess_set_get_cb 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_CTX_sess_set_get_cb 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_sessions.3
index 19802ef6ff9b..ca964d10fcb6 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_sessions.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:21 2002
+.\" Wed Feb 19 21:05:30 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_sessions 3"
-.TH SSL_CTX_sessions 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_CTX_sessions 3 "0.9.6i" "2001-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_sessions \- access internal session cache
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
index 82f6f7f40f39..becad619d87d 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:21 2002
+.\" Wed Feb 19 21:05:30 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_cert_store 3"
-.TH SSL_CTX_set_cert_store 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_CTX_set_cert_store 3 "0.9.6i" "2002-06-04" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
index a197941ce5d1..e7f4548c9ce5 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:22 2002
+.\" Wed Feb 19 21:05:30 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_cert_verify_callback 3"
-.TH SSL_CTX_set_cert_verify_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_cert_verify_callback 3 "0.9.6i" "2001-08-23" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
index 96ea95304bfe..f017f740b6cc 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:23 2002
+.\" Wed Feb 19 21:05:30 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_cipher_list 3"
-.TH SSL_CTX_set_cipher_list 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_cipher_list 3 "0.9.6i" "2001-07-23" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3
index e440c6a3e941..9ea9a5139c01 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:23 2002
+.\" Wed Feb 19 21:05:31 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_client_CA_list 3"
-.TH SSL_CTX_set_client_CA_list 3 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH SSL_CTX_set_client_CA_list 3 "0.9.6i" "2001-04-12" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
index a0f450f28e42..bdc89c419863 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:24 2002
+.\" Wed Feb 19 21:05:31 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_client_cert_cb 3"
-.TH SSL_CTX_set_client_cert_cb 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_CTX_set_client_cert_cb 3 "0.9.6i" "2002-06-12" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
index 402a89d5e0aa..67b77d00cef7 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:24 2002
+.\" Wed Feb 19 21:05:31 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_default_passwd_cb 3"
-.TH SSL_CTX_set_default_passwd_cb 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_default_passwd_cb 3 "0.9.6i" "2001-07-11" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
index e834e944eaa3..3302dd9c77b2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:25 2002
+.\" Wed Feb 19 21:05:31 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_info_callback 3"
-.TH SSL_CTX_set_info_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_info_callback 3 "0.9.6i" "2001-11-09" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
index 4ed6233e952f..3bb45ca53ccd 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:26 2002
+.\" Wed Feb 19 21:05:32 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_mode 3"
-.TH SSL_CTX_set_mode 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_mode 3 "0.9.6i" "2001-07-11" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/SSL_CTX_set_options.3
index 77d9e085a265..ac05accfedd3 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:26 2002
+.\" Wed Feb 19 21:05:32 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_options 3"
-.TH SSL_CTX_set_options 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_CTX_set_options 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
index af9c079d3ac2..7e7a42a9376e 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:27 2002
+.\" Wed Feb 19 21:05:32 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_quiet_shutdown 3"
-.TH SSL_CTX_set_quiet_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_quiet_shutdown 3 "0.9.6i" "2001-08-17" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
index 3f5f5ae06daf..3f6726a0a85a 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:28 2002
+.\" Wed Feb 19 21:05:32 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_session_cache_mode 3"
-.TH SSL_CTX_set_session_cache_mode 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_session_cache_mode 3 "0.9.6i" "2002-10-29" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
@@ -165,12 +165,14 @@ The sessions can be held in memory for each \fBctx\fR, if more than one
object.
.PP
In order to reuse a session, a client must send the session's id to the
-server. It can only send exactly one id. The server then decides whether it
-agrees in reusing the session or starts the handshake for a new session.
+server. It can only send exactly one id. The server then either
+agrees to reuse the session or it starts a full handshake (to create a new
+session).
.PP
-A server will lookup up the session in its internal session storage. If
-the session is not found in internal storage or internal storage is
-deactivated, the server will try the external storage if available.
+A server will lookup up the session in its internal session storage. If the
+session is not found in internal storage or lookups for the internal storage
+have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try
+the external storage if available.
.PP
Since a client may try to reuse a session intended for use in a different
context, the session id context must be set by the server (see
@@ -191,9 +193,10 @@ function. This option is not activated by default.
.Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4
.IX Item "SSL_SESS_CACHE_SERVER"
Server sessions are added to the session cache. When a client proposes a
-session to be reused, the session is looked up in the internal session cache.
-If the session is found, the server will try to reuse the session.
-This is the default.
+session to be reused, the server looks for the corresponding session in (first)
+the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set),
+then (second) in the external cache if available. If the session is found, the
+server will try to reuse the session. This is the default.
.Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4
.IX Item "SSL_SESS_CACHE_BOTH"
Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time.
@@ -208,11 +211,28 @@ SSL_CTX_flush_sessions(3) can be called
explicitly by the application.
.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4
.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP"
-By setting this flag sessions are cached in the internal storage but
-they are not looked up automatically. If an external session cache
-is enabled, sessions are looked up in the external cache. As automatic
-lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on
+By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not
+automatically look up sessions in the internal cache, even if sessions are
+automatically stored there. If external session caching callbacks are in use,
+this flag guarantees that all lookups are directed to the external cache.
+As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on
clients.
+.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4
+.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE"
+Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0,
+sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse.
+Normally a new session is added to the internal cache as well as any external
+session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will
+prevent sessions being stored in the internal cache (though the application can
+add them manually using SSL_CTX_add_session(3)). Note:
+in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful
+session lookups in the external cache (ie. for session-resume requests) would
+normally be copied into the local cache before processing continues \- this flag
+prevents these additions to the internal cache as well.
+.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4
+.IX Item "SSL_SESS_CACHE_NO_INTERNAL"
+Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and
+\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time.
.PP
The default mode is \s-1SSL_SESS_CACHE_SERVER\s0.
.SH "RETURN VALUES"
@@ -224,9 +244,14 @@ The default mode is \s-1SSL_SESS_CACHE_SERVER\s0.
.IX Header "SEE ALSO"
ssl(3), SSL_set_session(3),
SSL_session_reused(3),
+SSL_CTX_add_session(3),
SSL_CTX_sess_number(3),
SSL_CTX_sess_set_cache_size(3),
SSL_CTX_sess_set_get_cb(3),
SSL_CTX_set_session_id_context(3),
SSL_CTX_set_timeout(3),
SSL_CTX_flush_sessions(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0
+were introduced in OpenSSL 0.9.6h.
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
index 5f7c530d7ae3..303fa64eef43 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:28 2002
+.\" Wed Feb 19 21:05:32 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_session_id_context 3"
-.TH SSL_CTX_set_session_id_context 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH SSL_CTX_set_session_id_context 3 "0.9.6i" "2001-01-31" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
index 13be7042ddfd..289a5719a2ae 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:29 2002
+.\" Wed Feb 19 21:05:33 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_ssl_version 3"
-.TH SSL_CTX_set_ssl_version 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_CTX_set_ssl_version 3 "0.9.6i" "2001-03-08" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
index 0d9466492091..fdd0f1d53a0f 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:29 2002
+.\" Wed Feb 19 21:05:33 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_timeout 3"
-.TH SSL_CTX_set_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_timeout 3 "0.9.6i" "2001-08-17" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
index 8f831357a7ef..ae790b643b51 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:30 2002
+.\" Wed Feb 19 21:05:33 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3
index 350e62197f2c..83abb3c388c2 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:31 2002
+.\" Wed Feb 19 21:05:33 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
-.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
index cc4b22a88b5a..d4c121ae97a4 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:31 2002
+.\" Wed Feb 19 21:05:33 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_set_verify 3"
-.TH SSL_CTX_set_verify 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_CTX_set_verify 3 "0.9.6i" "2002-12-04" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
@@ -370,7 +370,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)).
\& * At this point, err contains the last verification error. We can use
\& * it for something special
\& */
-\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
\& {
\& X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
\& printf("issuer= %s\en", buf);
diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
index 159cc732880b..ecbf9fc1754b 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:32 2002
+.\" Wed Feb 19 21:05:34 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_CTX_use_certificate 3"
-.TH SSL_CTX_use_certificate 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_CTX_use_certificate 3 "0.9.6i" "2002-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/SSL_SESSION_free.3
index a81b4bb50010..7aee725de175 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_free.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_free.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:33 2002
+.\" Wed Feb 19 21:05:34 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_SESSION_free 3"
-.TH SSL_SESSION_free 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_SESSION_free 3 "0.9.6i" "2001-10-12" "OpenSSL"
.UC
.SH "NAME"
SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3
index 22e7422c7bbd..1ad4d261f652 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:33 2002
+.\" Wed Feb 19 21:05:34 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_SESSION_get_ex_new_index 3"
-.TH SSL_SESSION_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH SSL_SESSION_get_ex_new_index 3 "0.9.6i" "2001-05-14" "OpenSSL"
.UC
.SH "NAME"
SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
index ebc0e3860d6c..f8556da9e50a 100644
--- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
+++ b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:34 2002
+.\" Wed Feb 19 21:05:34 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_SESSION_get_time 3"
-.TH SSL_SESSION_get_time 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_SESSION_get_time 3 "0.9.6i" "2001-08-17" "OpenSSL"
.UC
.SH "NAME"
SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings
diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libcrypto/man/SSL_accept.3
index ca2c4d888725..ae802b2d90b6 100644
--- a/secure/lib/libcrypto/man/SSL_accept.3
+++ b/secure/lib/libcrypto/man/SSL_accept.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:34 2002
+.\" Wed Feb 19 21:05:35 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_accept 3"
-.TH SSL_accept 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_accept 3 "0.9.6i" "2002-07-19" "OpenSSL"
.UC
.SH "NAME"
SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake
diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/SSL_alert_type_string.3
index 32a8b3bf34dc..34f3bb663825 100644
--- a/secure/lib/libcrypto/man/SSL_alert_type_string.3
+++ b/secure/lib/libcrypto/man/SSL_alert_type_string.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:35 2002
+.\" Wed Feb 19 21:05:35 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_alert_type_string 3"
-.TH SSL_alert_type_string 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_alert_type_string 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libcrypto/man/SSL_clear.3
index 6f7bb61d13a2..9fd23a04ac38 100644
--- a/secure/lib/libcrypto/man/SSL_clear.3
+++ b/secure/lib/libcrypto/man/SSL_clear.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:36 2002
+.\" Wed Feb 19 21:05:35 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_clear 3"
-.TH SSL_clear 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_clear 3 "0.9.6i" "2002-02-27" "OpenSSL"
.UC
.SH "NAME"
SSL_clear \- reset \s-1SSL\s0 object to allow another connection
diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libcrypto/man/SSL_connect.3
index ad19131367da..f4e058501d3c 100644
--- a/secure/lib/libcrypto/man/SSL_connect.3
+++ b/secure/lib/libcrypto/man/SSL_connect.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:36 2002
+.\" Wed Feb 19 21:05:35 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_connect 3"
-.TH SSL_connect 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_connect 3 "0.9.6i" "2002-07-19" "OpenSSL"
.UC
.SH "NAME"
SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server
diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libcrypto/man/SSL_do_handshake.3
index 0214192868be..83ac5b49582a 100644
--- a/secure/lib/libcrypto/man/SSL_do_handshake.3
+++ b/secure/lib/libcrypto/man/SSL_do_handshake.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:37 2002
+.\" Wed Feb 19 21:05:35 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_do_handshake 3"
-.TH SSL_do_handshake 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_do_handshake 3 "0.9.6i" "2002-07-19" "OpenSSL"
.UC
.SH "NAME"
SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake
diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libcrypto/man/SSL_free.3
index c905cfd428eb..cca8f536f321 100644
--- a/secure/lib/libcrypto/man/SSL_free.3
+++ b/secure/lib/libcrypto/man/SSL_free.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:38 2002
+.\" Wed Feb 19 21:05:36 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_free 3"
-.TH SSL_free 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_free 3 "0.9.6i" "2001-02-13" "OpenSSL"
.UC
.SH "NAME"
SSL_free \- free an allocated \s-1SSL\s0 structure
diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
index 874ee38204ef..111e0461fe98 100644
--- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
+++ b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:38 2002
+.\" Wed Feb 19 21:05:36 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_SSL_CTX 3"
-.TH SSL_get_SSL_CTX 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_get_SSL_CTX 3 "0.9.6i" "2001-08-17" "OpenSSL"
.UC
.SH "NAME"
SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created
diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/SSL_get_ciphers.3
index 3e8477b4adae..eea1ebb35943 100644
--- a/secure/lib/libcrypto/man/SSL_get_ciphers.3
+++ b/secure/lib/libcrypto/man/SSL_get_ciphers.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:39 2002
+.\" Wed Feb 19 21:05:36 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_ciphers 3"
-.TH SSL_get_ciphers 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_get_ciphers 3 "0.9.6i" "2000-09-18" "OpenSSL"
.UC
.SH "NAME"
SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
diff --git a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 b/secure/lib/libcrypto/man/SSL_get_client_CA_list.3
index f0f8af03d177..d954dacd8cbe 100644
--- a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3
+++ b/secure/lib/libcrypto/man/SSL_get_client_CA_list.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:39 2002
+.\" Wed Feb 19 21:05:36 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_client_CA_list 3"
-.TH SSL_get_client_CA_list 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_get_client_CA_list 3 "0.9.6i" "2002-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/SSL_get_current_cipher.3
index 4d5bca4f6502..cd0f938fe663 100644
--- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3
+++ b/secure/lib/libcrypto/man/SSL_get_current_cipher.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:40 2002
+.\" Wed Feb 19 21:05:37 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_current_cipher 3"
-.TH SSL_get_current_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_get_current_cipher 3 "0.9.6i" "2000-09-18" "OpenSSL"
.UC
.SH "NAME"
SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/SSL_get_default_timeout.3
index 38525e778356..7b352473ec92 100644
--- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3
+++ b/secure/lib/libcrypto/man/SSL_get_default_timeout.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:41 2002
+.\" Wed Feb 19 21:05:37 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_default_timeout 3"
-.TH SSL_get_default_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_get_default_timeout 3 "0.9.6i" "2001-08-17" "OpenSSL"
.UC
.SH "NAME"
SSL_get_default_timeout \- get default session timeout value
diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3
index c5d74cc31994..1e8164d433a0 100644
--- a/secure/lib/libcrypto/man/SSL_get_error.3
+++ b/secure/lib/libcrypto/man/SSL_get_error.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:41 2002
+.\" Wed Feb 19 21:05:37 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_error 3"
-.TH SSL_get_error 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_get_error 3 "0.9.6i" "2002-07-29" "OpenSSL"
.UC
.SH "NAME"
SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation
diff --git a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
index ef03a576cc44..5920e2487a23 100644
--- a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ b/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:42 2002
+.\" Wed Feb 19 21:05:37 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
-.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.6i" "2001-01-28" "OpenSSL"
.UC
.SH "NAME"
SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure
diff --git a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_get_ex_new_index.3
index 09afa617a51b..6153d5328e6d 100644
--- a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/SSL_get_ex_new_index.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:42 2002
+.\" Wed Feb 19 21:05:38 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_ex_new_index 3"
-.TH SSL_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH SSL_get_ex_new_index 3 "0.9.6i" "2001-05-14" "OpenSSL"
.UC
.SH "NAME"
SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libcrypto/man/SSL_get_fd.3
index 4d077fe9cd9f..bc5dc1fd6325 100644
--- a/secure/lib/libcrypto/man/SSL_get_fd.3
+++ b/secure/lib/libcrypto/man/SSL_get_fd.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:43 2002
+.\" Wed Feb 19 21:05:38 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_fd 3"
-.TH SSL_get_fd 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_get_fd 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object
diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
index 6185b124902a..2152905dd4c1 100644
--- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
+++ b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:44 2002
+.\" Wed Feb 19 21:05:38 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_peer_cert_chain 3"
-.TH SSL_get_peer_cert_chain 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_get_peer_cert_chain 3 "0.9.6i" "2001-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
index 49acf8b6a015..bd2c2c961fee 100644
--- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
+++ b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:44 2002
+.\" Wed Feb 19 21:05:39 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_peer_certificate 3"
-.TH SSL_get_peer_certificate 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_get_peer_certificate 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_get_peer_certificate \- get the X509 certificate of the peer
diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libcrypto/man/SSL_get_rbio.3
index a8719afa3efc..542f882061cd 100644
--- a/secure/lib/libcrypto/man/SSL_get_rbio.3
+++ b/secure/lib/libcrypto/man/SSL_get_rbio.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:45 2002
+.\" Wed Feb 19 21:05:39 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_rbio 3"
-.TH SSL_get_rbio 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_get_rbio 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object
diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libcrypto/man/SSL_get_session.3
index bcfd33bdc7c2..9051b91678d9 100644
--- a/secure/lib/libcrypto/man/SSL_get_session.3
+++ b/secure/lib/libcrypto/man/SSL_get_session.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:45 2002
+.\" Wed Feb 19 21:05:39 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_session 3"
-.TH SSL_get_session 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_get_session 3 "0.9.6i" "2001-11-19" "OpenSSL"
.UC
.SH "NAME"
SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data
diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/SSL_get_verify_result.3
index 86762cabacea..4193bfd3bfd4 100644
--- a/secure/lib/libcrypto/man/SSL_get_verify_result.3
+++ b/secure/lib/libcrypto/man/SSL_get_verify_result.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:46 2002
+.\" Wed Feb 19 21:05:39 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_verify_result 3"
-.TH SSL_get_verify_result 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_get_verify_result 3 "0.9.6i" "2001-02-15" "OpenSSL"
.UC
.SH "NAME"
SSL_get_verify_result \- get result of peer certificate verification
diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libcrypto/man/SSL_get_version.3
index c80c552e57d1..b776c83a8dd6 100644
--- a/secure/lib/libcrypto/man/SSL_get_version.3
+++ b/secure/lib/libcrypto/man/SSL_get_version.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:47 2002
+.\" Wed Feb 19 21:05:40 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_get_version 3"
-.TH SSL_get_version 3 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH SSL_get_version 3 "0.9.6i" "2001-02-23" "OpenSSL"
.UC
.SH "NAME"
SSL_get_version \- get the protocol version of a connection.
diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libcrypto/man/SSL_library_init.3
index 437f1da1a87f..0cc345db41e1 100644
--- a/secure/lib/libcrypto/man/SSL_library_init.3
+++ b/secure/lib/libcrypto/man/SSL_library_init.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:47 2002
+.\" Wed Feb 19 21:05:40 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_library_init 3"
-.TH SSL_library_init 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_library_init 3 "0.9.6i" "2000-09-21" "OpenSSL"
.UC
.SH "NAME"
SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
index 886985386898..b278f43e1b66 100644
--- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
+++ b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:48 2002
+.\" Wed Feb 19 21:05:41 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_load_client_CA_file 3"
-.TH SSL_load_client_CA_file 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH SSL_load_client_CA_file 3 "0.9.6i" "2000-10-11" "OpenSSL"
.UC
.SH "NAME"
SSL_load_client_CA_file \- load certificate names from file
diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libcrypto/man/SSL_new.3
index 976e31ecee87..c1a5fd2470b0 100644
--- a/secure/lib/libcrypto/man/SSL_new.3
+++ b/secure/lib/libcrypto/man/SSL_new.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:48 2002
+.\" Wed Feb 19 21:05:41 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_new 3"
-.TH SSL_new 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_new 3 "0.9.6i" "2001-08-17" "OpenSSL"
.UC
.SH "NAME"
SSL_new \- create a new \s-1SSL\s0 structure for a connection
diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libcrypto/man/SSL_pending.3
index 41951d4e727b..18c7ee1c956d 100644
--- a/secure/lib/libcrypto/man/SSL_pending.3
+++ b/secure/lib/libcrypto/man/SSL_pending.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:49 2002
+.\" Wed Feb 19 21:05:41 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_pending 3"
-.TH SSL_pending 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH SSL_pending 3 "0.9.6i" "2000-12-25" "OpenSSL"
.UC
.SH "NAME"
SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object
diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libcrypto/man/SSL_read.3
index 49a080e7cc89..8e396f2a3f47 100644
--- a/secure/lib/libcrypto/man/SSL_read.3
+++ b/secure/lib/libcrypto/man/SSL_read.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:50 2002
+.\" Wed Feb 19 21:05:41 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_read 3"
-.TH SSL_read 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_read 3 "0.9.6i" "2001-09-13" "OpenSSL"
.UC
.SH "NAME"
SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection.
diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libcrypto/man/SSL_rstate_string.3
index e6a93bda0ff3..9766ce790776 100644
--- a/secure/lib/libcrypto/man/SSL_rstate_string.3
+++ b/secure/lib/libcrypto/man/SSL_rstate_string.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:50 2002
+.\" Wed Feb 19 21:05:42 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_rstate_string 3"
-.TH SSL_rstate_string 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_rstate_string 3 "0.9.6i" "2001-08-23" "OpenSSL"
.UC
.SH "NAME"
SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation
diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libcrypto/man/SSL_session_reused.3
index 302ccac6d667..cfc50b4ab9e9 100644
--- a/secure/lib/libcrypto/man/SSL_session_reused.3
+++ b/secure/lib/libcrypto/man/SSL_session_reused.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:51 2002
+.\" Wed Feb 19 21:05:42 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_session_reused 3"
-.TH SSL_session_reused 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_session_reused 3 "0.9.6i" "2001-07-20" "OpenSSL"
.UC
.SH "NAME"
SSL_session_reused \- query whether a reused session was negotiated during handshake
diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libcrypto/man/SSL_set_bio.3
index 80c46a4f350d..d73cc9ea0f0a 100644
--- a/secure/lib/libcrypto/man/SSL_set_bio.3
+++ b/secure/lib/libcrypto/man/SSL_set_bio.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:51 2002
+.\" Wed Feb 19 21:05:42 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_set_bio 3"
-.TH SSL_set_bio 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_set_bio 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0
diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/SSL_set_connect_state.3
index 8be743a8f289..86253e43bf0b 100644
--- a/secure/lib/libcrypto/man/SSL_set_connect_state.3
+++ b/secure/lib/libcrypto/man/SSL_set_connect_state.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:52 2002
+.\" Wed Feb 19 21:05:42 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_set_connect_state 3"
-.TH SSL_set_connect_state 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_set_connect_state 3 "0.9.6i" "2002-07-19" "OpenSSL"
.UC
.SH "NAME"
SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode
diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libcrypto/man/SSL_set_fd.3
index c2628f9d7417..cc2e0dceb2d7 100644
--- a/secure/lib/libcrypto/man/SSL_set_fd.3
+++ b/secure/lib/libcrypto/man/SSL_set_fd.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:53 2002
+.\" Wed Feb 19 21:05:42 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_set_fd 3"
-.TH SSL_set_fd 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_set_fd 3 "0.9.6i" "2000-09-16" "OpenSSL"
.UC
.SH "NAME"
SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor
diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libcrypto/man/SSL_set_session.3
index 7c688ec93c08..f561fb699307 100644
--- a/secure/lib/libcrypto/man/SSL_set_session.3
+++ b/secure/lib/libcrypto/man/SSL_set_session.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:53 2002
+.\" Wed Feb 19 21:05:43 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_set_session 3"
-.TH SSL_set_session 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_set_session 3 "0.9.6i" "2001-10-12" "OpenSSL"
.UC
.SH "NAME"
SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect
diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/SSL_set_shutdown.3
index 3696d335eea6..b06aa5273fbe 100644
--- a/secure/lib/libcrypto/man/SSL_set_shutdown.3
+++ b/secure/lib/libcrypto/man/SSL_set_shutdown.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:54 2002
+.\" Wed Feb 19 21:05:43 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_set_shutdown 3"
-.TH SSL_set_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_set_shutdown 3 "0.9.6i" "2001-08-20" "OpenSSL"
.UC
.SH "NAME"
SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection
diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/SSL_set_verify_result.3
index 5b317e914239..2cdc052b6abe 100644
--- a/secure/lib/libcrypto/man/SSL_set_verify_result.3
+++ b/secure/lib/libcrypto/man/SSL_set_verify_result.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:55 2002
+.\" Wed Feb 19 21:05:43 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_set_verify_result 3"
-.TH SSL_set_verify_result 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SSL_set_verify_result 3 "0.9.6i" "2000-09-20" "OpenSSL"
.UC
.SH "NAME"
SSL_set_verify_result \- override result of peer certificate verification
diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libcrypto/man/SSL_shutdown.3
index 7dbc29e55308..88ac23ef10e8 100644
--- a/secure/lib/libcrypto/man/SSL_shutdown.3
+++ b/secure/lib/libcrypto/man/SSL_shutdown.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:55 2002
+.\" Wed Feb 19 21:05:43 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_shutdown 3"
-.TH SSL_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_shutdown 3 "0.9.6i" "2001-08-20" "OpenSSL"
.UC
.SH "NAME"
SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection
diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libcrypto/man/SSL_state_string.3
index 115fffc66e91..cc202783a9b7 100644
--- a/secure/lib/libcrypto/man/SSL_state_string.3
+++ b/secure/lib/libcrypto/man/SSL_state_string.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:56 2002
+.\" Wed Feb 19 21:05:43 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_state_string 3"
-.TH SSL_state_string 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_state_string 3 "0.9.6i" "2001-08-24" "OpenSSL"
.UC
.SH "NAME"
SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object
diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libcrypto/man/SSL_want.3
index 288e22a4861b..87409b7be1a5 100644
--- a/secure/lib/libcrypto/man/SSL_want.3
+++ b/secure/lib/libcrypto/man/SSL_want.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:56 2002
+.\" Wed Feb 19 21:05:44 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_want 3"
-.TH SSL_want 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH SSL_want 3 "0.9.6i" "2001-08-17" "OpenSSL"
.UC
.SH "NAME"
SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation
diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libcrypto/man/SSL_write.3
index 487a9da1aa1b..b21cce63a03f 100644
--- a/secure/lib/libcrypto/man/SSL_write.3
+++ b/secure/lib/libcrypto/man/SSL_write.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:57 2002
+.\" Wed Feb 19 21:05:44 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SSL_write 3"
-.TH SSL_write 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SSL_write 3 "0.9.6i" "2002-07-19" "OpenSSL"
.UC
.SH "NAME"
SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection.
diff --git a/secure/lib/libcrypto/man/asn1parse.1 b/secure/lib/libcrypto/man/asn1parse.1
index 6401c6198adb..571eeb1d7d80 100644
--- a/secure/lib/libcrypto/man/asn1parse.1
+++ b/secure/lib/libcrypto/man/asn1parse.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:39 2002
+.\" Wed Feb 19 21:04:55 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ASN1PARSE 1 "0.9.6i" "2000-01-20" "OpenSSL"
.UC
.SH "NAME"
asn1parse \- \s-1ASN\s0.1 parsing tool
diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3
index 327f8b1ad663..53a7de4547e4 100644
--- a/secure/lib/libcrypto/man/bio.3
+++ b/secure/lib/libcrypto/man/bio.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:57 2002
+.\" Wed Feb 19 21:05:22 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "bio 3"
-.TH bio 3 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH bio 3 "0.9.6i" "2001-04-12" "OpenSSL"
.UC
.SH "NAME"
bio \- I/O abstraction
diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3
index 4433e24a320c..220456ea5d1a 100644
--- a/secure/lib/libcrypto/man/blowfish.3
+++ b/secure/lib/libcrypto/man/blowfish.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:57 2002
+.\" Wed Feb 19 21:05:22 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "blowfish 3"
-.TH blowfish 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH blowfish 3 "0.9.6i" "2002-01-21" "OpenSSL"
.UC
.SH "NAME"
blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3
index 0c1e345bd5b1..731aaba2078a 100644
--- a/secure/lib/libcrypto/man/bn.3
+++ b/secure/lib/libcrypto/man/bn.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:58 2002
+.\" Wed Feb 19 21:05:22 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "bn 3"
-.TH bn 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH bn 3 "0.9.6i" "2001-09-03" "OpenSSL"
.UC
.SH "NAME"
bn \- multiprecision integer arithmetics
diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3
index a00f9dcbadc4..89dc90aec8c1 100644
--- a/secure/lib/libcrypto/man/bn_internal.3
+++ b/secure/lib/libcrypto/man/bn_internal.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:58 2002
+.\" Wed Feb 19 21:05:22 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "bn_internal 3"
-.TH bn_internal 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH bn_internal 3 "0.9.6i" "2000-09-19" "OpenSSL"
.UC
.SH "NAME"
bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3
index 4687d39c1b40..0045d1522706 100644
--- a/secure/lib/libcrypto/man/buffer.3
+++ b/secure/lib/libcrypto/man/buffer.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:59 2002
+.\" Wed Feb 19 21:05:23 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "buffer 3"
-.TH buffer 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH buffer 3 "0.9.6i" "2000-09-19" "OpenSSL"
.UC
.SH "NAME"
BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
diff --git a/secure/lib/libcrypto/man/ca.1 b/secure/lib/libcrypto/man/ca.1
index 86f7b2cd0c82..e3a76ae0ac48 100644
--- a/secure/lib/libcrypto/man/ca.1
+++ b/secure/lib/libcrypto/man/ca.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:40 2002
+.\" Wed Feb 19 21:04:56 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH CA 1 "0.9.6i" "2001-11-26" "OpenSSL"
.UC
.SH "NAME"
ca \- sample minimal \s-1CA\s0 application
diff --git a/secure/lib/libcrypto/man/ciphers.1 b/secure/lib/libcrypto/man/ciphers.1
index 620a08189cd7..a25020b910d4 100644
--- a/secure/lib/libcrypto/man/ciphers.1
+++ b/secure/lib/libcrypto/man/ciphers.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:40 2002
+.\" Wed Feb 19 21:04:56 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH CIPHERS 1 "0.9.6i" "2000-04-06" "OpenSSL"
.UC
.SH "NAME"
ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
diff --git a/secure/lib/libcrypto/man/config.1 b/secure/lib/libcrypto/man/config.1
index ff8800404396..7ac505d762bd 100644
--- a/secure/lib/libcrypto/man/config.1
+++ b/secure/lib/libcrypto/man/config.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Thu May 9 13:14:01 2002
+.\" Wed Feb 19 21:04:56 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -137,8 +137,8 @@
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
-.IX Title "CONFIG 1"
-.TH CONFIG 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation"
+.IX Title "config 5"
+.TH config 5 "0.9.6i" "2000-02-03" "OpenSSL"
.UC
.SH "NAME"
config \- OpenSSL \s-1CONF\s0 library configuration files
diff --git a/secure/lib/libcrypto/man/config.5 b/secure/lib/libcrypto/man/config.5
index fbe41e16d4fa..7ac505d762bd 100644
--- a/secure/lib/libcrypto/man/config.5
+++ b/secure/lib/libcrypto/man/config.5
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:41 2002
+.\" Wed Feb 19 21:04:56 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "config 5"
-.TH config 5 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH config 5 "0.9.6i" "2000-02-03" "OpenSSL"
.UC
.SH "NAME"
config \- OpenSSL \s-1CONF\s0 library configuration files
diff --git a/secure/lib/libcrypto/man/crl.1 b/secure/lib/libcrypto/man/crl.1
index 8c71fec7c7f3..ac703a28050c 100644
--- a/secure/lib/libcrypto/man/crl.1
+++ b/secure/lib/libcrypto/man/crl.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:42 2002
+.\" Wed Feb 19 21:04:56 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH CRL 1 "0.9.6i" "2000-02-08" "OpenSSL"
.UC
.SH "NAME"
crl \- \s-1CRL\s0 utility
diff --git a/secure/lib/libcrypto/man/crl2pkcs7.1 b/secure/lib/libcrypto/man/crl2pkcs7.1
index 0cb8dd915627..4c7b3bb2a353 100644
--- a/secure/lib/libcrypto/man/crl2pkcs7.1
+++ b/secure/lib/libcrypto/man/crl2pkcs7.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:42 2002
+.\" Wed Feb 19 21:04:57 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH CRL2PKCS7 1 "0.9.6i" "2002-07-09" "OpenSSL"
.UC
.SH "NAME"
crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates.
diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3
index 38ef4b62cc47..cc11f8992c0d 100644
--- a/secure/lib/libcrypto/man/crypto.3
+++ b/secure/lib/libcrypto/man/crypto.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:00 2002
+.\" Wed Feb 19 21:05:23 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "crypto 3"
-.TH crypto 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH crypto 3 "0.9.6i" "2002-01-04" "OpenSSL"
.UC
.SH "NAME"
crypto \- OpenSSL cryptographic library
diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3
index 845a38c7ebb8..7ac6791d0e88 100644
--- a/secure/lib/libcrypto/man/d2i_DHparams.3
+++ b/secure/lib/libcrypto/man/d2i_DHparams.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:01 2002
+.\" Wed Feb 19 21:05:23 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "d2i_DHparams 3"
-.TH d2i_DHparams 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH d2i_DHparams 3 "0.9.6i" "2000-01-26" "OpenSSL"
.UC
.SH "NAME"
d2i_DHparams, i2d_DHparams \- ...
diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
index 97a381b25abf..81f5a6a66074 100644
--- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:01 2002
+.\" Wed Feb 19 21:05:23 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "d2i_RSAPublicKey 3"
-.TH d2i_RSAPublicKey 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH d2i_RSAPublicKey 3 "0.9.6i" "2000-01-26" "OpenSSL"
.UC
.SH "NAME"
d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA \- ...
diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
index 64d9f8a72a02..8b0760421ac6 100644
--- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
+++ b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:58 2002
+.\" Wed Feb 19 21:05:44 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "d2i_SSL_SESSION 3"
-.TH d2i_SSL_SESSION 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH d2i_SSL_SESSION 3 "0.9.6i" "2001-10-12" "OpenSSL"
.UC
.SH "NAME"
d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation
diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3
index b046d59c67b5..7835467b1592 100644
--- a/secure/lib/libcrypto/man/des.3
+++ b/secure/lib/libcrypto/man/des.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:02 2002
+.\" Wed Feb 19 21:05:24 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "des 3"
-.TH des 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH des 3 "0.9.6i" "2000-10-11" "OpenSSL"
.UC
.SH "NAME"
des_random_key, des_set_key, des_key_sched, des_set_key_checked,
diff --git a/secure/lib/libcrypto/man/des_modes.3 b/secure/lib/libcrypto/man/des_modes.3
index b8cf5b062fd2..5907a24ea38e 100644
--- a/secure/lib/libcrypto/man/des_modes.3
+++ b/secure/lib/libcrypto/man/des_modes.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:02 2002
+.\" Wed Feb 19 21:05:24 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -137,8 +137,8 @@
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
-.IX Title "des_modes 3"
-.TH des_modes 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.IX Title "des_modes 7"
+.TH des_modes 7 "0.9.6i" "2002-03-05" "OpenSSL"
.UC
.SH "NAME"
Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL
diff --git a/secure/lib/libcrypto/man/dgst.1 b/secure/lib/libcrypto/man/dgst.1
index b848f581bd45..3ea3affd2f52 100644
--- a/secure/lib/libcrypto/man/dgst.1
+++ b/secure/lib/libcrypto/man/dgst.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:43 2002
+.\" Wed Feb 19 21:04:57 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH DGST 1 "0.9.6i" "2000-09-04" "OpenSSL"
.UC
.SH "NAME"
dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3
index 31cdc5975fd2..d9532651969d 100644
--- a/secure/lib/libcrypto/man/dh.3
+++ b/secure/lib/libcrypto/man/dh.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:03 2002
+.\" Wed Feb 19 21:05:24 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "dh 3"
-.TH dh 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH dh 3 "0.9.6i" "2000-01-27" "OpenSSL"
.UC
.SH "NAME"
dh \- Diffie-Hellman key agreement
diff --git a/secure/lib/libcrypto/man/dhparam.1 b/secure/lib/libcrypto/man/dhparam.1
index 98a449f8f630..6499674cecaa 100644
--- a/secure/lib/libcrypto/man/dhparam.1
+++ b/secure/lib/libcrypto/man/dhparam.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:44 2002
+.\" Wed Feb 19 21:04:57 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH DHPARAM 1 "0.9.6i" "2000-04-12" "OpenSSL"
.UC
.SH "NAME"
dhparam \- \s-1DH\s0 parameter manipulation and generation
diff --git a/secure/lib/libcrypto/man/dsa.1 b/secure/lib/libcrypto/man/dsa.1
index dcc68e9a2362..6a9cba81ecf6 100644
--- a/secure/lib/libcrypto/man/dsa.1
+++ b/secure/lib/libcrypto/man/dsa.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:44 2002
+.\" Wed Feb 19 21:04:57 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH DSA 1 "0.9.6i" "2000-02-16" "OpenSSL"
.UC
.SH "NAME"
dsa \- \s-1DSA\s0 key processing
diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3
index c4528186742d..e5d7a2879523 100644
--- a/secure/lib/libcrypto/man/dsa.3
+++ b/secure/lib/libcrypto/man/dsa.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:04 2002
+.\" Wed Feb 19 21:05:24 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "dsa 3"
-.TH dsa 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH dsa 3 "0.9.6i" "2000-02-03" "OpenSSL"
.UC
.SH "NAME"
dsa \- Digital Signature Algorithm
diff --git a/secure/lib/libcrypto/man/dsaparam.1 b/secure/lib/libcrypto/man/dsaparam.1
index f40010472e98..3baf3efb612b 100644
--- a/secure/lib/libcrypto/man/dsaparam.1
+++ b/secure/lib/libcrypto/man/dsaparam.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:45 2002
+.\" Wed Feb 19 21:04:57 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH DSAPARAM 1 "0.9.6i" "2000-04-12" "OpenSSL"
.UC
.SH "NAME"
dsaparam \- \s-1DSA\s0 parameter manipulation and generation
diff --git a/secure/lib/libcrypto/man/enc.1 b/secure/lib/libcrypto/man/enc.1
index ee1597d5d3d1..63e458fc9cf0 100644
--- a/secure/lib/libcrypto/man/enc.1
+++ b/secure/lib/libcrypto/man/enc.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:46 2002
+.\" Wed Feb 19 21:04:58 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH ENC 1 "0.9.6i" "2001-07-03" "OpenSSL"
.UC
.SH "NAME"
enc \- symmetric cipher routines
diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3
index bd76dd783a6c..e64de030ebbc 100644
--- a/secure/lib/libcrypto/man/err.3
+++ b/secure/lib/libcrypto/man/err.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:04 2002
+.\" Wed Feb 19 21:05:24 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "err 3"
-.TH err 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH err 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
err \- error codes
diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3
index dae3c8223f54..3c0b8c9d4a32 100644
--- a/secure/lib/libcrypto/man/evp.3
+++ b/secure/lib/libcrypto/man/evp.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:05 2002
+.\" Wed Feb 19 21:05:25 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "evp 3"
-.TH evp 3 "0.9.6e" "2001-02-17" "OpenSSL"
+.TH evp 3 "0.9.6i" "2000-10-10" "OpenSSL"
.UC
.SH "NAME"
evp \- high-level cryptographic functions
diff --git a/secure/lib/libcrypto/man/gendsa.1 b/secure/lib/libcrypto/man/gendsa.1
index 19ec49bbcc9e..e7e3e522d339 100644
--- a/secure/lib/libcrypto/man/gendsa.1
+++ b/secure/lib/libcrypto/man/gendsa.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:46 2002
+.\" Wed Feb 19 21:04:58 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH GENDSA 1 "0.9.6i" "2000-04-12" "OpenSSL"
.UC
.SH "NAME"
gendsa \- generate a \s-1DSA\s0 private key from a set of parameters
diff --git a/secure/lib/libcrypto/man/genrsa.1 b/secure/lib/libcrypto/man/genrsa.1
index aaea7623c51f..9b118719b157 100644
--- a/secure/lib/libcrypto/man/genrsa.1
+++ b/secure/lib/libcrypto/man/genrsa.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:47 2002
+.\" Wed Feb 19 21:04:58 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH GENRSA 1 "0.9.6i" "2000-04-12" "OpenSSL"
.UC
.SH "NAME"
genrsa \- generate an \s-1RSA\s0 private key
diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3
index c62de6349aa5..ef15a6371299 100644
--- a/secure/lib/libcrypto/man/hmac.3
+++ b/secure/lib/libcrypto/man/hmac.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:06 2002
+.\" Wed Feb 19 21:05:25 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "hmac 3"
-.TH hmac 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH hmac 3 "0.9.6i" "2000-09-14" "OpenSSL"
.UC
.SH "NAME"
\&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message
diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3
index 44645f06a440..ad022eaf9d33 100644
--- a/secure/lib/libcrypto/man/lh_stats.3
+++ b/secure/lib/libcrypto/man/lh_stats.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:06 2002
+.\" Wed Feb 19 21:05:25 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "lh_stats 3"
-.TH lh_stats 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH lh_stats 3 "0.9.6i" "2000-01-30" "OpenSSL"
.UC
.SH "NAME"
lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3
index e5ee467db8b9..84140f737476 100644
--- a/secure/lib/libcrypto/man/lhash.3
+++ b/secure/lib/libcrypto/man/lhash.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:07 2002
+.\" Wed Feb 19 21:05:25 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "lhash 3"
-.TH lhash 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH lhash 3 "0.9.6i" "2000-09-19" "OpenSSL"
.UC
.SH "NAME"
lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3
index c69001a49b2c..c6dc868162ad 100644
--- a/secure/lib/libcrypto/man/md5.3
+++ b/secure/lib/libcrypto/man/md5.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:07 2002
+.\" Wed Feb 19 21:05:25 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "md5 3"
-.TH md5 3 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH md5 3 "0.9.6i" "2000-08-14" "OpenSSL"
.UC
.SH "NAME"
\&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3
index b55340370019..1de10fe51fec 100644
--- a/secure/lib/libcrypto/man/mdc2.3
+++ b/secure/lib/libcrypto/man/mdc2.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:08 2002
+.\" Wed Feb 19 21:05:26 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "mdc2 3"
-.TH mdc2 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH mdc2 3 "0.9.6i" "2000-02-25" "OpenSSL"
.UC
.SH "NAME"
\&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function
diff --git a/secure/lib/libcrypto/man/nseq.1 b/secure/lib/libcrypto/man/nseq.1
index 469dc98a8f24..83ec885a2a1d 100644
--- a/secure/lib/libcrypto/man/nseq.1
+++ b/secure/lib/libcrypto/man/nseq.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:47 2002
+.\" Wed Feb 19 21:04:58 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH NSEQ 1 "0.9.6i" "2000-01-20" "OpenSSL"
.UC
.SH "NAME"
nseq \- create or examine a netscape certificate sequence
diff --git a/secure/lib/libcrypto/man/openssl.1 b/secure/lib/libcrypto/man/openssl.1
index 7511cb170078..a20a7c2a2344 100644
--- a/secure/lib/libcrypto/man/openssl.1
+++ b/secure/lib/libcrypto/man/openssl.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:48 2002
+.\" Wed Feb 19 21:04:59 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH OPENSSL 1 "0.9.6i" "2001-08-08" "OpenSSL"
.UC
.SH "NAME"
openssl \- OpenSSL command line tool
diff --git a/secure/lib/libcrypto/man/passwd.1 b/secure/lib/libcrypto/man/passwd.1
index 1274f1779ce3..929429d0ec7b 100644
--- a/secure/lib/libcrypto/man/passwd.1
+++ b/secure/lib/libcrypto/man/passwd.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:49 2002
+.\" Wed Feb 19 21:04:59 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH PASSWD 1 "0.9.6i" "2002-10-03" "OpenSSL"
.UC
.SH "NAME"
passwd \- compute password hashes
@@ -193,6 +193,6 @@ to each password hash.
.IX Header "EXAMPLES"
\&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR.
.PP
-\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1\fR.
+\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.\fR.
.PP
\&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR.
diff --git a/secure/lib/libcrypto/man/pkcs12.1 b/secure/lib/libcrypto/man/pkcs12.1
index 4c5b81fd08cf..bb3ed4508687 100644
--- a/secure/lib/libcrypto/man/pkcs12.1
+++ b/secure/lib/libcrypto/man/pkcs12.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:50 2002
+.\" Wed Feb 19 21:04:59 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH PKCS12 1 "0.9.6i" "2001-03-17" "OpenSSL"
.UC
.SH "NAME"
pkcs12 \- PKCS#12 file utility
diff --git a/secure/lib/libcrypto/man/pkcs7.1 b/secure/lib/libcrypto/man/pkcs7.1
index e7a89ad50511..53afebcbec17 100644
--- a/secure/lib/libcrypto/man/pkcs7.1
+++ b/secure/lib/libcrypto/man/pkcs7.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:50 2002
+.\" Wed Feb 19 21:04:59 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH PKCS7 1 "0.9.6i" "2000-02-22" "OpenSSL"
.UC
.SH "NAME"
pkcs7 \- PKCS#7 utility
diff --git a/secure/lib/libcrypto/man/pkcs8.1 b/secure/lib/libcrypto/man/pkcs8.1
index 110df1aa8936..9e4fa4176e90 100644
--- a/secure/lib/libcrypto/man/pkcs8.1
+++ b/secure/lib/libcrypto/man/pkcs8.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:51 2002
+.\" Wed Feb 19 21:05:00 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH PKCS8 1 "0.9.6i" "2000-02-16" "OpenSSL"
.UC
.SH "NAME"
pkcs8 \- PKCS#8 format private key conversion tool
diff --git a/secure/lib/libcrypto/man/rand.1 b/secure/lib/libcrypto/man/rand.1
index b9f16e5610fc..e6f585c64a73 100644
--- a/secure/lib/libcrypto/man/rand.1
+++ b/secure/lib/libcrypto/man/rand.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:52 2002
+.\" Wed Feb 19 21:05:00 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH RAND 1 "0.9.6i" "2000-04-12" "OpenSSL"
.UC
.SH "NAME"
rand \- generate pseudo-random bytes
diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3
index 6f211bf23c76..25a78281621c 100644
--- a/secure/lib/libcrypto/man/rand.3
+++ b/secure/lib/libcrypto/man/rand.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:09 2002
+.\" Wed Feb 19 21:05:26 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "rand 3"
-.TH rand 3 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH rand 3 "0.9.6i" "2001-07-09" "OpenSSL"
.UC
.SH "NAME"
rand \- pseudo-random number generator
diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3
index 8ff53479d184..0fd6ed9df134 100644
--- a/secure/lib/libcrypto/man/rc4.3
+++ b/secure/lib/libcrypto/man/rc4.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:09 2002
+.\" Wed Feb 19 21:05:26 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "rc4 3"
-.TH rc4 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH rc4 3 "0.9.6i" "2000-02-25" "OpenSSL"
.UC
.SH "NAME"
RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption
diff --git a/secure/lib/libcrypto/man/req.1 b/secure/lib/libcrypto/man/req.1
index 9915eeaa253e..de9dd91da9fb 100644
--- a/secure/lib/libcrypto/man/req.1
+++ b/secure/lib/libcrypto/man/req.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:52 2002
+.\" Wed Feb 19 21:05:00 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH REQ 1 "0.9.6i" "2002-11-09" "OpenSSL"
.UC
.SH "NAME"
req \- PKCS#10 certificate and certificate generating utility.
@@ -566,14 +566,14 @@ Sample configuration containing all field values:
The header and footer lines in the \fB\s-1PEM\s0\fR format are normally:
.PP
.Vb 2
-\& -----BEGIN CERTIFICATE REQUEST----
-\& -----END CERTIFICATE REQUEST----
+\& -----BEGIN CERTIFICATE REQUEST-----
+\& -----END CERTIFICATE REQUEST-----
.Ve
some software (some versions of Netscape certificate server) instead needs:
.PP
.Vb 2
-\& -----BEGIN NEW CERTIFICATE REQUEST----
-\& -----END NEW CERTIFICATE REQUEST----
+\& -----BEGIN NEW CERTIFICATE REQUEST-----
+\& -----END NEW CERTIFICATE REQUEST-----
.Ve
which is produced with the \fB\-newhdr\fR option but is otherwise compatible.
Either form is accepted transparently on input.
diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3
index a8ba8e266c93..44303c65ead4 100644
--- a/secure/lib/libcrypto/man/ripemd.3
+++ b/secure/lib/libcrypto/man/ripemd.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:10 2002
+.\" Wed Feb 19 21:05:26 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ripemd 3"
-.TH ripemd 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH ripemd 3 "0.9.6i" "2000-02-25" "OpenSSL"
.UC
.SH "NAME"
\&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
diff --git a/secure/lib/libcrypto/man/rsa.1 b/secure/lib/libcrypto/man/rsa.1
index 560c1448fefe..716438076f8a 100644
--- a/secure/lib/libcrypto/man/rsa.1
+++ b/secure/lib/libcrypto/man/rsa.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:53 2002
+.\" Wed Feb 19 21:05:00 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH RSA 1 "0.9.6i" "2000-06-15" "OpenSSL"
.UC
.SH "NAME"
rsa \- \s-1RSA\s0 key processing tool
diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3
index 1667d446c4df..f0f16b3ee927 100644
--- a/secure/lib/libcrypto/man/rsa.3
+++ b/secure/lib/libcrypto/man/rsa.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:10 2002
+.\" Wed Feb 19 21:05:26 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "rsa 3"
-.TH rsa 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH rsa 3 "0.9.6i" "2002-07-10" "OpenSSL"
.UC
.SH "NAME"
rsa \- \s-1RSA\s0 public key cryptosystem
diff --git a/secure/lib/libcrypto/man/rsautl.1 b/secure/lib/libcrypto/man/rsautl.1
index 62b755240f9e..3c04408a225e 100644
--- a/secure/lib/libcrypto/man/rsautl.1
+++ b/secure/lib/libcrypto/man/rsautl.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:54 2002
+.\" Wed Feb 19 21:05:01 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH RSAUTL 1 "0.9.6i" "2001-04-25" "OpenSSL"
.UC
.SH "NAME"
rsautl \- \s-1RSA\s0 utility
diff --git a/secure/lib/libcrypto/man/s_client.1 b/secure/lib/libcrypto/man/s_client.1
index e7c3665925da..282ed7c827fc 100644
--- a/secure/lib/libcrypto/man/s_client.1
+++ b/secure/lib/libcrypto/man/s_client.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:54 2002
+.\" Wed Feb 19 21:05:01 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "0.9.6e" "2001-05-19" "OpenSSL"
+.TH S_CLIENT 1 "0.9.6i" "2001-02-15" "OpenSSL"
.UC
.SH "NAME"
s_client \- \s-1SSL/TLS\s0 client program
diff --git a/secure/lib/libcrypto/man/s_server.1 b/secure/lib/libcrypto/man/s_server.1
index a0217466d31a..a44a9197fdd9 100644
--- a/secure/lib/libcrypto/man/s_server.1
+++ b/secure/lib/libcrypto/man/s_server.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:55 2002
+.\" Wed Feb 19 21:05:01 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "0.9.6e" "2001-07-19" "OpenSSL"
+.TH S_SERVER 1 "0.9.6i" "2001-04-09" "OpenSSL"
.UC
.SH "NAME"
s_server \- \s-1SSL/TLS\s0 server program
diff --git a/secure/lib/libcrypto/man/sess_id.1 b/secure/lib/libcrypto/man/sess_id.1
index 9a9c5575c96f..7ecf9524defa 100644
--- a/secure/lib/libcrypto/man/sess_id.1
+++ b/secure/lib/libcrypto/man/sess_id.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:56 2002
+.\" Wed Feb 19 21:05:01 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH SESS_ID 1 "0.9.6i" "2000-02-03" "OpenSSL"
.UC
.SH "NAME"
sess_id \- \s-1SSL/TLS\s0 session handling utility
diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3
index 332f583c9ed0..cef422eb874a 100644
--- a/secure/lib/libcrypto/man/sha.3
+++ b/secure/lib/libcrypto/man/sha.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:11 2002
+.\" Wed Feb 19 21:05:27 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "sha 3"
-.TH sha 3 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH sha 3 "0.9.6i" "2000-02-25" "OpenSSL"
.UC
.SH "NAME"
\&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
diff --git a/secure/lib/libcrypto/man/smime.1 b/secure/lib/libcrypto/man/smime.1
index a04e8359b818..36a0c071ba13 100644
--- a/secure/lib/libcrypto/man/smime.1
+++ b/secure/lib/libcrypto/man/smime.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:57 2002
+.\" Wed Feb 19 21:05:02 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH SMIME 1 "0.9.6i" "2002-11-09" "OpenSSL"
.UC
.SH "NAME"
smime \- S/MIME utility
@@ -438,8 +438,8 @@ signature by line wrapping the base64 encoded structure and surrounding
it with:
.PP
.Vb 2
-\& -----BEGIN PKCS7----
-\& -----END PKCS7----
+\& -----BEGIN PKCS7-----
+\& -----END PKCS7-----
.Ve
and using the command,
.PP
diff --git a/secure/lib/libcrypto/man/speed.1 b/secure/lib/libcrypto/man/speed.1
index a0483b84840a..0138f1b0e16b 100644
--- a/secure/lib/libcrypto/man/speed.1
+++ b/secure/lib/libcrypto/man/speed.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:57 2002
+.\" Wed Feb 19 21:05:02 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH SPEED 1 "0.9.6i" "2000-05-29" "OpenSSL"
.UC
.SH "NAME"
speed \- test library performance
diff --git a/secure/lib/libcrypto/man/spkac.1 b/secure/lib/libcrypto/man/spkac.1
index 2a7df5a66bba..f1e6325107df 100644
--- a/secure/lib/libcrypto/man/spkac.1
+++ b/secure/lib/libcrypto/man/spkac.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:58 2002
+.\" Wed Feb 19 21:05:02 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH SPKAC 1 "0.9.6i" "2000-02-16" "OpenSSL"
.UC
.SH "NAME"
spkac \- \s-1SPKAC\s0 printing and generating utility
diff --git a/secure/lib/libcrypto/man/ssl.3 b/secure/lib/libcrypto/man/ssl.3
index 1964f5e937c9..f97fa70ce199 100644
--- a/secure/lib/libcrypto/man/ssl.3
+++ b/secure/lib/libcrypto/man/ssl.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:58 2002
+.\" Wed Feb 19 21:05:44 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "ssl 3"
-.TH ssl 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH ssl 3 "0.9.6i" "2002-11-14" "OpenSSL"
.UC
.SH "NAME"
\&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library
@@ -436,7 +436,7 @@ appropriate size (using ???) and return it.
.IX Item "SSL_set_tmp_rsa_callback"
long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength));
.Sp
-The same as the section on "SSL_CTX_set_tmp_rsa_callback", except it operates on an \s-1SSL\s0
+The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0
session instead of a context.
.Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4
.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))"
diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3
index e3c28bca12a1..4d7beab89b84 100644
--- a/secure/lib/libcrypto/man/threads.3
+++ b/secure/lib/libcrypto/man/threads.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:22:12 2002
+.\" Wed Feb 19 21:05:27 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "threads 3"
-.TH threads 3 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH threads 3 "0.9.6i" "2001-11-08" "OpenSSL"
.UC
.SH "NAME"
CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
diff --git a/secure/lib/libcrypto/man/verify.1 b/secure/lib/libcrypto/man/verify.1
index 190105cb8618..5ea286487539 100644
--- a/secure/lib/libcrypto/man/verify.1
+++ b/secure/lib/libcrypto/man/verify.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:59 2002
+.\" Wed Feb 19 21:05:02 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "VERIFY 1"
-.TH VERIFY 1 "0.9.6e" "2002-01-26" "OpenSSL"
+.TH VERIFY 1 "0.9.6i" "2001-10-08" "OpenSSL"
.UC
.SH "NAME"
verify \- Utility to verify certificates.
diff --git a/secure/lib/libcrypto/man/version.1 b/secure/lib/libcrypto/man/version.1
index 9d2112d6004b..47c8560282dd 100644
--- a/secure/lib/libcrypto/man/version.1
+++ b/secure/lib/libcrypto/man/version.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:59 2002
+.\" Wed Feb 19 21:05:03 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "VERSION 1"
-.TH VERSION 1 "0.9.6e" "2000-04-13" "OpenSSL"
+.TH VERSION 1 "0.9.6i" "2000-02-24" "OpenSSL"
.UC
.SH "NAME"
version \- print OpenSSL version information
diff --git a/secure/lib/libcrypto/man/x509.1 b/secure/lib/libcrypto/man/x509.1
index 4b76ee1c5666..c369cd3f5384 100644
--- a/secure/lib/libcrypto/man/x509.1
+++ b/secure/lib/libcrypto/man/x509.1
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:00 2002
+.\" Wed Feb 19 21:05:03 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "0.9.6e" "2000-11-12" "OpenSSL"
+.TH X509 1 "0.9.6i" "2003-01-14" "OpenSSL"
.UC
.SH "NAME"
x509 \- Certificate display and signing utility
@@ -400,8 +400,8 @@ use the serial number is incremented and written out to the file again.
The default filename consists of the \s-1CA\s0 certificate file base name with
\&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called
\&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R".
-.Ip "\fB\-CAcreateserial filename\fR" 4
-.IX Item "-CAcreateserial filename"
+.Ip "\fB\-CAcreateserial\fR" 4
+.IX Item "-CAcreateserial"
with this option the \s-1CA\s0 serial number file is created if it does not exi